CVE-2026-47366

HIGH 7.2

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.

CWE	CWE-284
Vendor	phpbb
Product	phpbb
Published	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for phpbb phpbb

Be the first to know when new high vulnerabilities affecting phpbb phpbb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Versions

phpBB / phpBB

3.3.0 ≤ 3.3.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗

phpbb.com: https://www.phpbb.com/community/viewtopic.php?t=2672170