CVE-2026-42569: phpVMS has an /importer authorization bypass causing full database wipe
A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this feature is deprecated, parts of it remained accessible and operational.
References
- github.com/advisories/GHSA-fv26-4939-62fh
- github.com/phpvms/phpvms/commit/f59ba8e0e8fc25c60c3faf14e526cfd49df3f7dc
- github.com/phpvms/phpvms/releases/tag/7.0.6
- github.com/phpvms/phpvms/releases/tag/7.0.7
- github.com/phpvms/phpvms/security/advisories/GHSA-fv26-4939-62fh
- nvd.nist.gov/vuln/detail/CVE-2026-42569