VYPR
Vendor

mpGabinet

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-40551HigApr 28, 2026
    risk 0.55cvss epss 0.00

    mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects…

  • CVE-2026-40550MedApr 28, 2026
    risk 0.45cvss epss 0.00

    mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the…

  • CVE-2026-40552MedApr 28, 2026
    risk 0.31cvss epss 0.00

    mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an…