EUVD-2026-26045

ID: EUVD-2026-26045

Severity: high

CVSS v4: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19 and below.

Timestamps

Normalized: 2026-04-28T15:13:05Z UTC
Last updated: 2026-04-28T15:13:05Z UTC

References

No references provided.

VulnAI

EUVD-2026-26045

Description

Timestamps

References