Back to search
CVE-2026-40551
Published: Apr 28, 2026
Modified: Apr 28, 2026
PUBLISHED
Description
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19 and below.
| Vendor | Product | Versions |
|---|---|---|
BinSoft | mpGabinet | affected 0 - <= 23.12.19 |
Weaknesses (CWE)
References
https://cert.pl/posts/2026/04/CVE-2026-40550/
third-party-advisory
https://www.mpgabinet.pl/
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now