{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-47366: Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administra","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-47366","status":"final","version":"1","initial_release_date":"2026-06-12T02:27:43.441Z","current_release_date":"2026-06-12T12:26:51.773Z","revision_history":[{"date":"2026-06-12T02:27:43.441Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-47366 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-47366"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-47366"},{"category":"external","summary":"phpbb.com","url":"https://www.phpbb.com/community/viewtopic.php?t=2672170"}]},"product_tree":{"branches":[{"category":"vendor","name":"phpBB","branches":[{"category":"product_name","name":"phpBB","branches":[{"category":"product_version_range","name":">=3.3.0 <=3.3.16","product":{"name":"phpBB phpBB >=3.3.0 <=3.3.16","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-47366","title":"Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administra","notes":[{"category":"description","text":"Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}