What is the severity of CVE-2026-42569?

CVE-2026-42569 has a CVSS v3 score of 9.4, which is classified as Critical severity.

Is there an exploit available for CVE-2026-42569?

Yes, there are known exploits available for CVE-2026-42569. Immediate patching is recommended.

Is there a patch available for CVE-2026-42569?

Yes, patches are available for CVE-2026-42569. Check the vendor advisories for update instructions.

CVE-2026-42569

Q: What is CVE-2026-42569?

# Security Advisory: Unauthenticated Access to Legacy Import Feature **Severity:** Critical **Affected versions:** phpVMS 7.x (up to 7.0.5) **Fixed in:** v7.0.6 **Component:** Legacy importer ## Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this feature is deprecated, parts of it remained accessible and operational. ## Impact A remote attacker could trigger internal processes that modify or delete application data, potentially resulting in: - Data loss - Service disruption No authentication was required. ## Remediation - **Update immediately** to [the latest patched version](https://github.com/phpvms/phpvms/releases/tag/7.0.7) - If unable to update: - The release link has instructions on how to fix it (it's a one-line fix to comment out the routes) ## Affected Versions * Affected: phpVMS 7.x ≤ 7.0.5 * Not affected: phpVMS >= 7.0.6, v8 (feature removed from public access)

Published: May 12, 2026

Last updated:13 hours ago (May 12, 2026)

Exploit: YesZero-day: NoPatch: YesTrend: Neutral

TL;DR

Updated May 12, 2026

CVE-2026-42569 is a critical severity vulnerability with a CVSS score of 9.4. Exploits are available; patches have been released and should be applied urgently.

Key Points

1Critical severity (CVSS 9.4/10)
2Public exploits are available
3Vendor patches are available
4Strobes Priority Score: 809/1000 (High)

Test this CVE with Agentic AI

Deploy autonomous AI agents to validate this vulnerability in your environment.

Severity Scores

CVSS v39.4

CVSS v20.0

Priority Score809.0

EPSS Score0.0

Critical

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

9.4

CVSS

Yes

Exploit

Yes

Patch

High Priority

exploit exists • critical severity

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Security Advisory: Unauthenticated Access to Legacy Import Feature

Severity: Critical Affected versions: phpVMS 7.x (up to 7.0.5) Fixed in: v7.0.6 Component: Legacy importer

Summary

A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this feature is deprecated, parts of it remained accessible and operational.

Impact

A remote attacker could trigger internal processes that modify or delete application data, potentially resulting in:

Data loss
Service disruption

No authentication was required.

Remediation

Update immediately to the latest patched version
If unable to update:
- The release link has instructions on how to fix it (it's a one-line fix to comment out the routes)

Affected Versions

Affected: phpVMS 7.x ≤ 7.0.5
Not affected: phpVMS >= 7.0.6, v8 (feature removed from public access)

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Unchanged

Confidentiality:Local

Integrity:High

Availability:High

Exploit References

GitHub

Patch References

Github.com Github.com

Trend Analysis

Neutral

Advisories

GitHub Advisory NVD

Cite This Page

APA Format

Strobes VI. (2026). CVE-2026-42569 - CVE Details and Analysis. Strobes VI. Retrieved May 13, 2026, from https://vi.strobes.co/cve/CVE-2026-42569

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Security Advisory: Unauthenticated Access to Legacy Import Feature

Severity: Critical Affected versions: phpVMS 7.x (up to 7.0.5) Fixed in: v7.0.6 Component: Legacy importer

Summary

A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this feature is deprecated, parts of it remained accessible and operational.

Impact

A remote attacker could trigger internal processes that modify or delete application data, potentially resulting in:

Data loss
Service disruption

No authentication was required.

Remediation

Update immediately to the latest patched version
If unable to update:
- The release link has instructions on how to fix it (it's a one-line fix to comment out the routes)

Affected Versions

Affected: phpVMS 7.x ≤ 7.0.5
Not affected: phpVMS >= 7.0.6, v8 (feature removed from public access)

CVE-2026-42569

Security Advisory: Unauthenticated Access to Legacy Import Feature

Summary

Impact

Remediation

Affected Versions

Ready for Agentic Automated Testing?

CVE-2026-42569

Security Advisory: Unauthenticated Access to Legacy Import Feature

Summary

Impact

Remediation

Affected Versions