CVE-2026-5780

Name of the Vulnerable Software and Affected Versions Minerva version 3.6.0

Description An insecure direct object reference (IDOR) issue exists in the '/minerva/moUser/show/' endpoint. An authenticated user can access data of other registered users and obtain a user list by modifying the ID variable. IDOR is a type of access control flaw where an application provides direct access to objects based on user-supplied input.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.