CVE-2026-42569

EUVD-2026-28930
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
9.4 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
phpvmsphpvms
𝑥
< 7.0.6
CNA
Common Weakness Enumeration
References
https://github.com/phpvms/phpvms/commit/f59ba8e0e8fc25c60c3faf14e526cfd49df3f7dc
https://github.com/phpvms/phpvms/releases/tag/7.0.6
https://github.com/phpvms/phpvms/releases/tag/7.0.7
https://github.com/phpvms/phpvms/security/advisories/GHSA-fv26-4939-62fh