PatchSiren

WP Engine CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WP Engine CVE published 2026-06-15

CVE-2026-49062

A high-severity Authentication Bypass Using an Alternate Path or Channel vulnerability was discovered in WP Engine Faust.Js, allowing for Password Recovery Exploitation. This issue affects Faust.Js versions from n/a through 1.8.7, with a CVSS score of 8.8.