CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57961

lowCVSS 2.7covered by 1 sourcefirst seen 2026-07-10
phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path resolution logic locates the substring "content" within a user-controlled path using strpos(); when "content" is absent, strpos() returns false, which becomes 0 when cast to an integer, preserving the entire attacker-controlled path. This path is later passed to file_get_contents() without canonicalization or root-directory containment validation, which may allow reading of files outside the intended content directory.

⚡ Watch CVE-2026-57961

Get an email if CVE-2026-57961 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-57961

CVE.org record

Embed the live status

CVE-2026-57961 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57961 status](https://www.csirts.com/badge/CVE-2026-57961)](https://www.csirts.com/cve/CVE-2026-57961)