CVE-2026-42569: phpVMS has an /importer authorization bypass causing full database wipe

Severity: Critical

CVSS Score: 9.4

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6.