CVE 9.4 CRITICAL

Multiple vulnerabilities in MphRx’s Minerva_CVE-2026-5779

April 28, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

Description

An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.

AI Analysis

Insecure direct object reference (IDOR) vulnerability allowing authenticated users to modify other users' information

Basic Information

ID CVE-2026-5779

Source INCIBE

Published Apr 28, 2026 at 11:41

Affected Product

Vendor MphRx

Product Minerva

Version 3.6.0

Affected Versions MphRx Minerva 3.6.0

CWE Classification

CWE-284

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor MphRx

Product Minerva

Version 3.6.0

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva

{
    "lastseen": "",
    "description": "An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.",
    "published": "2026-04-28T11:41:35.416Z",
    "modified": "2026-04-28T11:41:35.416Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in MphRx's Minerva",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva",
    "id": "CVE-2026-5779",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "MphRx Minerva 3.6.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Minerva",
    "version": "3.6.0",
    "vendor": "MphRx",
    "ai_description": "Insecure direct object reference (IDOR) vulnerability allowing authenticated users to modify other users' information",
    "ai_severity": "Critical",
    "ai_vendor": "MphRx",
    "ai_product": "Minerva",
    "ai_version": "3.6.0",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply