CVE-2026-56396: phpMyFAQ Privilege Escalation Vulnerability
A vulnerability in phpMyFAQ before version 4.1.4 allows authenticated administrators to escalate privileges due to missing authorization in the editUser() and updateUserRights() endpoints. Non-SuperAdmin users with edit_user permission can exploit this to gain SuperAdmin access. The vulnerability has a CVSS score of 8.8.