CVE-2026-5781

EPSS 0.23%
Veröffentlicht 28.04.2026 11:44:26
Zuletzt bearbeitet 28.05.2026 13:57:24
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Multiple vulnerabilities in MphRx's Minerva

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Agilonhealth ≫ Minerva Version3.6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve-coordination@incibe.es	8.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-5781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5781

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5781