CVE-2026-5781

Name of the Vulnerable Software and Affected Versions Minerva version 3.6.0

Description An authorization issue in the '/minerva/moUser/update' endpoint allows an authenticated user with user modification privileges to escalate their privileges to administrator. This is achieved by sending an HTTP request containing a manipulated identifier field. This action cannot be performed through the graphical user interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.