CVE-2026-35676 — phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Atta — CVE Database · The Intelligence Room