A vulnerability described as problematic has been identified in SimpleMachines SMF up to 2.1.7. Impacted is the function check of the file Sources/Actions/AttachmentApprove.php of the component Attachment Approval. Executing a manipulation can lead to authorization bypass.

This vulnerability is handled as CVE-2026-39903. The attack can be executed remotely. There is not any exploit available.