CVE-2026-7891

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.

CWE	CWE-277
Vendor	divd
Product	verysecureapp
Published	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for divd verysecureapp

Be the first to know when new unknown vulnerabilities affecting divd verysecureapp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

DIVD / VerySecureApp

0 ≤ 1.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

csirt.divd.nl: https://csirt.divd.nl/DIVD-2026-00006/ divd.nl: https://www.divd.nl/mendix.html