CVE-2026-40550 in mpGabinet情報

要約

〜によって MITRE • 2026年04月28日

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecting the running process. While ability to retrieve credentials from memory is expected behavior, the exposed credentials grant administrative access to the database, exceeding the privileges required for normal application functionality. This allows an attacker to perform actions beyond those permitted through the application interface.

This issue affects mpGabinet version 23.12.19 and below.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

CERT-PL

予約する

2026年04月14日

公開

2026年04月28日

モデレーション

承諾済み

エントリ

VDB-359975

CPE

準備完了

CWE

CWE-250 (確認済み)

CVSS

4.0 (VulDB)

EPSS

0.00020

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40550
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40550
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40550/

◂ 前概要次 ▸

Want to know what is going to be exploited?

We predict KEV entries!