mpGabinet EUVD-2026-26044

Q: What is the CVSS score of EUVD-2026-26044?

EUVD-2026-26044 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-40550 MEDIUM

Execution with Unnecessary Privileges (CWE-250)

2026-04-28 CERT-PL

Privilege Escalation

6.9

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 28, 2026 - 14:30 vuln.today

CVSS changed

Apr 28, 2026 - 14:22 NVD

6.9 (MEDIUM)

EUVD ID Assigned

Apr 28, 2026 - 14:00 euvd

EUVD-2026-26044

Analysis Generated

Apr 28, 2026 - 14:00 vuln.today

CVE Published

Apr 28, 2026 - 13:12 nvd

MEDIUM 6.9

DescriptionNVD

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecting the running process. While ability to retrieve credentials from memory is expected behavior, the exposed credentials grant administrative access to the database, exceeding the privileges required for normal application functionality. This allows an attacker to perform actions beyond those permitted through the application interface.

This issue affects mpGabinet version 23.12.19 and below.

AnalysisAI

mpGabinet 23.12.19 and earlier suffers from privilege escalation due to excessive database privileges assigned to the application service account. An attacker with local access to extract database credentials from the application process memory gains administrative database access, enabling unauthorized actions beyond what the application interface permits. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26044 vulnerability details – vuln.today

Back

mpGabinet EUVD-2026-26044

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

mpGabinet EUVD-2026-26044

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code