CVE-2026-5781 HIGH

CVE-2026-5781: Multiple vulnerabilities in MphRx's Minerva

Vendor Mphrx
Product Minerva
Weakness CWE-285
Published April 28, 2026
Last update April 28, 2026

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.

Key dates

02Disclosure timeline

April 28, 2026 CVE published
April 28, 2026 Record updated