High severityNVD Advisory· Published Apr 28, 2026· Updated Apr 28, 2026

CVE-2026-40551

Description

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user.

This issue affects mpGabinet version 23.12.19 and below.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/posts/2026/04/CVE-2026-40550/nvd
www.mpgabinet.plnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000