MphRx Minerva Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing privilege escalation has been identified in MphRx's Minerva version 3.6.0. This authorization vulnerability exists in the '/minerva/moUser/update' endpoint, where an authenticated user with user modification privileges can escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Exploiting this vulnerability could grant the user administrator privileges. Notably, this privilege escalation cannot be achieved through the graphical user interface.

Impact

Successful exploitation allows an authenticated user to gain administrator privileges.

Added: Apr 28, 2026, 1:23 PM

Updated: Apr 28, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

6.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

6.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MphRx Minerva Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating