PT-2026-35721 · Mpgabinet · Mpgabinet
Kamil Szczurowski
+1
·
Published
2026-04-28
·
Updated
2026-04-28
·
CVE-2026-40551
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
mpGabinet versions prior to 23.12.20
Description
mpGabinet performs client-side authentication, which is a process where the verification of user credentials happens on the user's device rather than the server. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary to authenticate as an arbitrary user.
Recommendations
Update to a version later than 23.12.19.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mpgabinet