High severity8.8NVD Advisory· Published Apr 28, 2026· Updated May 5, 2026
CVE-2026-5779
CVE-2026-5779
Description
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- cpe:2.3:a:agilonhealth:minerva:3.6.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
1- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minervanvdThird Party Advisory
News mentions
0No linked articles in our index yet.