PatchSiren cyber security CVE debrief
CVE-2026-49062 WP Engine CVE debrief
A high-severity Authentication Bypass Using an Alternate Path or Channel vulnerability was discovered in WP Engine Faust.Js, allowing for Password Recovery Exploitation. This issue affects Faust.Js versions from n/a through 1.8.7, with a CVSS score of 8.8.
- Vendor
- WP Engine
- Product
- Faust.js
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WP Engine Faust.Js, particularly those using versions from n/a through 1.8.7, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability, classified under CWE-288, allows for Authentication Bypass Using an Alternate Path or Channel. This could enable attackers to exploit the password recovery feature, potentially leading to unauthorized access.
Defensive priority
HIGH
Recommended defensive actions
- Update Faust.Js to a version beyond 1.8.7.
- Review and strengthen password recovery processes.
- Monitor for suspicious activity related to authentication and password recovery.
Evidence notes
The CVE record and details were obtained from official sources, including CVE.org and the National Vulnerability Database (NVD).
Official resources
-
CVE-2026-49062 CVE record
CVE.org
-
CVE-2026-49062 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49062 was published and modified on 2026-06-15T14:16:35.727Z.