CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations.
CVSS

No CVSS.

Configurations

No configuration.

History

04 Jul 2026, 08:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 08:16

Updated : 2026-07-06 19:43


NVD link : CVE-2026-12194

Mitre link : CVE-2026-12194

CVE.ORG link : CVE-2026-12194


JSON object : View

Products Affected

No product.

CWE
CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')