CVE-2026-5779
Multiple vulnerabilities in MphRx's Minerva
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.
| CWE | CWE-284 |
| Vendor | mphrx |
| Product | minerva |
| Published | Apr 28, 2026 |
| Last Updated | Apr 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for mphrx minerva
Be the first to know when new unknown vulnerabilities affecting mphrx minerva are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
MphRx / Minerva
3.6.0
References
Credits
Alejandro Rivera LeΓ³n