A vulnerability described as problematic has been identified in phpIPAM. This affects an unknown function of the component API. Executing a manipulation can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).
This vulnerability appears as CVE-2026-12194. The attack may be performed from remote. There is no available exploit.
It is best practice to apply a patch to resolve this issue.