A SQL injection vulnerability, tracked as CVE-2026-48613, was discovered in the phpBB profile field migration. It is caused by improper handling of user-supplied profile field data during migration, which allows execution of arbitrary SQL queries. The vulnerability affects phpBB forums that were updated from versions prior to phpBB 3.3.8 and have not yet been updated to 3.3.11 or newer. The CVSS s [truncated]
CVE-2026-48612 is a HIGH-severity vulnerability (CVSS Score: 8) that affects an unknown vendor's product. The vulnerability is caused by improper state verification in the OAuth implementation, which could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover.
CVE-2026-48611 is a critical vulnerability with a CVSS score of 9.8. The vulnerability is caused by improper authentication checks in the OAuth implementation, which allows account hijacking even when OAuth is not configured or enabled. This leads to unauthorized access in default installations.
CVE-2026-47366 is a HIGH-severity vulnerability in phpBB, with a CVSS score of 7.2. The vulnerability is caused by improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP). This allows an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative int [truncated]