Description
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.
Published: 2026-04-28
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insecure direct object reference in MphRx's Minerva allows an authenticated user to modify the profiles of other registered users. This is a CWE-284: Improper Access Control vulnerability. Through the '/minerva/user/updateUserProfile' endpoint, a threat actor can alter personal data such as an email address and can then trigger a password reset via the '/webconnect/#/forgotPassword' endpoint, effectively taking over the target account.

Affected Systems

The vulnerability affects MphRx Minerva version 3.6.0. No other affected releases are listed.

Risk and Exploitability

The CVSS score of 9.4 indicates critical severity. The EPSS score is not available, and the vulnerability has not been catalogued in the CISA KEV list. Exploitation requires a valid authenticated session; once authenticated, the attacker can target any other user. The lack of a publicly disclosed fix amplifies the risk until the vendor releases a patch or workaround.

Generated by OpenCVE AI on April 28, 2026 at 23:20 UTC.

Remediation

Vendor Solution

No solution has been reported yet.


OpenCVE Recommended Actions

  • Restrict the '/minerva/user/updateUserProfile' endpoint so that only the owning user or privileged administrators can invoke it.
  • Disable or tightly restrict the password-reset flow so that email changes require additional verification steps.
  • Set up auditing and alerting on profile change events to detect anomalous activity.
  • Monitor the vendor site for a patch release and apply it as soon as it becomes available.
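The first two recommended actions are the standard fix for an IDOR of this shape, so here is an added example (not MphRx's or OpenCVE's code, and not Minerva's actual implementation) of how a profile-update handler can be written both ways: a vulnerable version that lets the client-supplied user id select the row, and a hardened version that only lets the caller edit their own profile unless they hold an admin role, stages any email change behind a confirmation token mailed to the current address, and logs every attempt for alerting. The session and request shapes, the field names (`userId`, `email`, `displayName`), the in-memory store and the sample users are all assumptions made for the example.

```python
"""Hypothetical profile-update handler showing the IDOR pattern beside its fix.
Not Minerva's code: the session, store and field names are assumptions."""
from __future__ import annotations

import hmac
import logging
import secrets
from dataclasses import dataclass

# Audit sink; in a real deployment this is wired to the SIEM for the alerting step.
log = logging.getLogger("profile-audit")


@dataclass
class User:
    user_id: int
    email: str
    display_name: str
    role: str = "user"                # "user" or "admin"
    pending_email: str | None = None  # staged change, not yet confirmed
    confirm_token: str | None = None  # token that would be mailed to the CURRENT address


@dataclass
class Session:
    user_id: int  # identity established by the login, never taken from the request body
    role: str


class Forbidden(Exception):
    """Raised when the caller is not allowed to touch the target profile."""


def make_store() -> dict[int, User]:
    """Constructed sample users for the example (not real data)."""
    return {
        1: User(1, "alice@example.org", "Alice"),
        2: User(2, "bob@example.org", "Bob"),
        9: User(9, "ops@example.org", "Ops", role="admin"),
    }


def update_profile_vulnerable(store: dict[int, User], session: Session, body: dict) -> User:
    """The IDOR pattern: the client-supplied userId picks the row and the session is only
    checked for being logged in, so any user can rewrite any other user's email."""
    target = store[body["userId"]]
    target.email = body["email"]
    return target


def update_profile(store: dict[int, User], session: Session, body: dict) -> User:
    """Hardened handler: the target defaults to the caller, a different target needs the
    admin role, and an email change is only staged until confirmed from the old address."""
    target_id = body.get("userId", session.user_id)
    if target_id != session.user_id and session.role != "admin":
        # Denied cross-user writes are logged so they surface in alerting.
        log.warning("profile.update.denied actor=%s target=%s", session.user_id, target_id)
        raise Forbidden(f"user {session.user_id} may not edit user {target_id}")
    target = store[target_id]
    if "displayName" in body:
        target.display_name = body["displayName"]
    new_email = body.get("email")
    if new_email and new_email != target.email:
        # Stage the change; the live address (and thus where password-reset mail goes)
        # only moves after the owner confirms with the token sent to target.email.
        target.pending_email = new_email
        target.confirm_token = secrets.token_urlsafe(32)
        log.info("profile.email.staged actor=%s target=%s", session.user_id, target_id)
    log.info("profile.update actor=%s target=%s fields=%s",
             session.user_id, target_id, sorted(body))
    return target


def confirm_email_change(store: dict[int, User], user_id: int, token: str) -> bool:
    """Second step of an email change: apply the staged address only if the token matches."""
    user = store[user_id]
    if not user.confirm_token or not hmac.compare_digest(user.confirm_token, token):
        log.warning("profile.email.confirm_failed target=%s", user_id)
        return False
    user.email, user.pending_email, user.confirm_token = user.pending_email, None, None
    log.info("profile.email.confirmed target=%s", user_id)
    return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    alice = Session(user_id=1, role="user")
    store = make_store()
    update_profile_vulnerable(store, alice, {"userId": 2, "email": "new@example.org"})
    print("vulnerable handler let user 1 change user 2's email to:", store[2].email)
    store = make_store()
    try:
        update_profile(store, alice, {"userId": 2, "email": "new@example.org"})
    except Forbidden as err:
        print("hardened handler refused:", err)
```

The key design point is that the hardened handler never lets the request body decide whose row is written: the target is the session's own user unless an explicit role check passes, so the endpoint no longer needs to trust `userId` at all for ordinary users. Staging the email change behind a token sent to the existing address breaks the account-takeover chain even if some other bug lets an attacker reach the write, because the forgot-password flow keeps mailing the owner until the owner approves the new address.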



Advisories

No advisories yet.

History

Tue, 05 May 2026 14:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Agilonhealth
                                      Agilonhealth minerva
CPEs                 -                cpe:2.3:a:agilonhealth:minerva:3.6.0:*:*:*:*:*:*:*
Vendors & Products   -                Agilonhealth
                                      Agilonhealth minerva
Metrics              -                cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 29 Apr 2026 10:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Mphrx
                                      Mphrx minerva
Vendors & Products   -                Mphrx
                                      Mphrx minerva

Tue, 28 Apr 2026 14:15:00 +0000

Type                 Values Removed   Values Added
Metrics              -                ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 13:15:00 +0000

Type                 Values Removed   Values Added
Description          -                An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify other users' information, such as their email address, and request a new password via the '/webconnect/#/forgotPassword' endpoint. This could lead to complete account takeover.
Title                -                Multiple vulnerabilities in MphRx's Minerva
Weaknesses           -                CWE-284
References           -
Metrics              -                cvssV4_0 {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-04-28T13:45:36.183Z

Reserved: 2026-04-08T08:32:46.515Z

Link: CVE-2026-5779

Vulnrichment

Updated: 2026-04-28T13:45:33.617Z

NVD

Status : Analyzed

Published: 2026-04-28T13:19:22.420

Modified: 2026-05-05T14:20:48.227

Link: CVE-2026-5779

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:10:52Z

Weaknesses