Use of Client-Side Authentication in mpGabinet_CVE-2026-40551

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user.

This issue affects mpGabinet version 23.12.19 and below.

Basic Information

ID CVE-2026-40551

Source CERT-PL

Published Apr 28, 2026 at 13:13

Modified Apr 28, 2026 at 14:16

Affected Product

Vendor BinSoft

Product mpGabinet

Affected Versions BinSoft mpGabinet 0

CWE Classification

CWE-603

References

{
    "lastseen": "",
    "description": "mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user.  \n\nThis issue affects mpGabinet version 23.12.19 and below.",
    "published": "2026-04-28T13:13:21.692Z",
    "modified": "2026-04-28T14:16:14.744Z",
    "type": "cve",
    "title": "Use of Client-Side Authentication in mpGabinet",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/04/CVE-2026-40550/\nhttps://www.mpgabinet.pl/",
    "id": "CVE-2026-40551",
    "bulletinFamily": "",
    "cwe": [
        "CWE-603"
    ],
    "cvelist": null,
    "sourceData": "BinSoft mpGabinet 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mpGabinet",
    "version": "0",
    "vendor": "BinSoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}