High severity8.8NVD Advisory· Published Apr 28, 2026· Updated May 28, 2026
CVE-2026-5781
CVE-2026-5781
Description
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:agilonhealth:minerva:3.6.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
1- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minervanvdThird Party Advisory
News mentions
0No linked articles in our index yet.