CVE-2026-5781 in Minervainformation

Résumé

par MITRE • 28/04/2026

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

INCIBE

Réserver

08/04/2026

Divulgation

28/04/2026

Modérer

accepté

Entrée

VDB-359970

CPE

prêt

CWE

CWE-285 (confirmé)

CVSS

8.8 (NVD)

EPSS

0.00050

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5781
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5781
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5781/

◂ Précédent Aperçu Suivant ▸

Do you know our Splunk app?

Download it now for free!