CVE-2026-46365
EUVD-2026-3060015.05.2026, 19:17
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid session cookie, resulting in permanent data loss and disruption of FAQ organization.EnginsightAwaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration