CVE-2026-5779 · HIGH 8.8 · EPSS p16.3%

Description

An insecure direct object reference (IDOR) vulnerability exists in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. It allows an authenticated user to modify the information of other registered users, such as their email address, and then request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.25% probability of exploitation · percentile 16.3% · 2026-06-19T12:03:05Z
Published: 2026-04-28
Last modified: 2026-05-05

Underlying weaknesses · 1

CWE-284

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva

Type: Weakness · Target: Improper Access Control (cwe-284) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-5780
CVE-2026-5781
CVE-2025-41077
CVE-2026-10868
CVE-2026-25197
CVE-2026-5652

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.