
Critical security vulnerability in phpBB

Posted: 16 Jun 2026, 10:04
by j.werner
Dear forum members,
as a precautionary measure, we are informing you today about a critical security vulnerability in the phpBB forum software we use (affects versions prior to 3.3.17; see, for example, https://www.aikido.dev/blog/phpbb-authe ... bypass-rce). Under certain circumstances, attackers may have been able to bypass the password entry process. We have no evidence of any misuse so far, but we cannot completely rule out unauthorized access to accounts and email addresses.

What this means for you:

Email address: Please be extra vigilant for suspicious emails (phishing/spam) in the coming days.

Profile/private messages: Data in your profile and your private messages may have been viewed.

Passwords: Your passwords are encrypted (hashed) and should therefore be safe.

Our actions:
We updated the forum to version phpBB 3.3.17 on June 12. This vulnerability in phpBB has thus been closed. We also reported the incident to the data protection authority in a timely manner.

What you should do now:

Change your password: Set a new password the next time you log in to the forum.

Stop reusing passwords: If you use the same password on other websites, please change it there as well.

Stay vigilant: Do not click on links or attachments in emails from unknown senders.

If you have any questions, please feel free to contact us at privacy@uib.de.

Sincerely,
Your UIB-Team