Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

PhpBB 3.3.17 security update

Security Patch Release
First reported
Last updated
Happening score
H score 34
2 unique sources, 2 articles

Summary

Hide ▲

phpBB released version 3.3.17 to fix PTT-2026-004 and PTT-2026-005, closing account-takeover flaws affecting forum deployments. The update is the only complete fix for PTT-2026-004 and requires administrators to upgrade.

Related Happenings

Ninja Forms – File Upload Plugin patch release (version 3.3.27)

Security Patch Release
H score28 First: 08.04.2026 18:10 Last: 08.04.2026 18:10 Sources 1

About this happening: **Ninja Forms – File Upload Plugin** received a **complete patch in version 3.3.27** after a **partial fix on February 10**, closing a critical upload flaw that left **thousands o...

Open Happening

Post SMTP development team security patch release for CVE-2025-11833

Security Patch Release
H score51 First: 05.11.2025 16:35 Last: 05.11.2025 16:35 Sources 1

About this happening: The **Post SMTP** development team released **version 3.6.1** on **Oct. 29** to fix **CVE-2025-11833**, closing a critical WordPress plug-in flaw that could let attackers take ove...

Open Happening

Timeline

  1. 09.06.2026 17:00 1 articles · 3d ago

    Pentest-Tools.com researcher reports phpBB account-takeover flaw

    Initial Disclosure

    Dan Stefan Alexandru of Pentest-Tools.com reported an authentication bypass in phpBB to the phpBB team on June 4. The flaw, tracked as PTT-2026-004 and rated 9.4 CVSS, lets an attacker hijack any account, including an administrator account, with a single unauthenticated request and no password.

    Show sources
    Open in new tab
  2. 09.06.2026 17:00 3 articles · 3d ago

    phpBB releases version 3.3.17 to fix account-takeover flaws

    Mitigation Patch Update

    phpBB released version 3.3.17 on June 6 to fix PTT-2026-004 and PTT-2026-005. The vendor said upgrading is the only complete fix for PTT-2026-004, and boards that cannot patch immediately can disable OAuth and revert to database authentication as a partial workaround for PTT-2026-005.

    Show sources
    Open in new tab