CVE-2026-5781

Published: Apr 28, 2026

Modified: Apr 28, 2026

PUBLISHED

Description

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.

Vendor	Product	Versions
MphRx	Minerva	affected `3.6.0`

Weaknesses (CWE)

CWE-285

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-5781

Description

Affected Products

Weaknesses (CWE)

References