CVE 8.5 HIGH

Multiple vulnerabilities in MphRx’s Minerva_CVE-2026-5781

April 28, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Description

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.

AI Analysis

Authorization vulnerability allowing privilege escalation in MphRx's Minerva

Basic Information

ID CVE-2026-5781

Source INCIBE

Published Apr 28, 2026 at 11:44

Affected Product

Vendor MphRx

Product Minerva

Version 3.6.0

Affected Versions MphRx Minerva 3.6.0

CWE Classification

CWE-285

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor MphRx

Product Minerva

Version 3.6.0

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva

{
    "lastseen": "",
    "description": "An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.",
    "published": "2026-04-28T11:44:26.342Z",
    "modified": "2026-04-28T11:44:26.342Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in MphRx's Minerva",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva",
    "id": "CVE-2026-5781",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "MphRx Minerva 3.6.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Minerva",
    "version": "3.6.0",
    "vendor": "MphRx",
    "ai_description": "Authorization vulnerability allowing privilege escalation in MphRx's Minerva",
    "ai_severity": "High",
    "ai_vendor": "MphRx",
    "ai_product": "Minerva",
    "ai_version": "3.6.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply