CVE-2026-40550 in mpGabinetinfo

Zusammenfassung

von MITRE • 28.04.2026

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecting the running process. While ability to retrieve credentials from memory is expected behavior, the exposed credentials grant administrative access to the database, exceeding the privileges required for normal application functionality. This allows an attacker to perform actions beyond those permitted through the application interface.

This issue affects mpGabinet version 23.12.19 and below.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

CERT-PL

Reservieren

14.04.2026

Veröffentlichung

28.04.2026

Moderieren

akzeptiert

Eintrag

VDB-359975

CPE

bereit

CWE

CWE-250 (bestätigt)

CVSS

4.0 (VulDB)

EPSS

0.00020

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40550
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40550
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40550/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!