CVE-2026-39903
Simple Machines Forum Authorization Bypass via AttachmentApprove.php
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated low-privileged user can approve, reject, or delete any pending attachments on any board without holding the required approve_posts permission, bypass moderation queues for their own uploads, and enumerate and delete other users' pending attachments.
| CWE | CWE-863 |
| Vendor | simplemachines |
| Product | smf |
| Published | Jul 10, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for simplemachines smf
Be the first to know when new high vulnerabilities affecting simplemachines smf are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low
Affected Versions
SimpleMachines / SMF
2.1.0 โค 2.1.7 3.0.0
References
github.com: https://github.com/SimpleMachines/SMF/pull/9182 github.com: https://github.com/SimpleMachines/SMF/pull/9181 github.com: https://github.com/SimpleMachines/SMF/commit/7d048f8d66aab9af51cd6ee110fbad103cf673e8 github.com: https://github.com/SimpleMachines/SMF/commit/a7875e876a647572dd4c45da881b875092caac3d vulncheck.com: https://www.vulncheck.com/advisories/simple-machines-forum-authorization-bypass-via-attachmentapprove-php
Credits
Elure (Marasescu Mihnea-Luca) VulnCheck