Skip to main content

mpGabinet EUVDEUVD-2026-26044

| CVE-2026-40550 MEDIUM
Execution with Unnecessary Privileges (CWE-250)
2026-04-28 CERT-PL
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Generated
Apr 28, 2026 - 14:30 vuln.today
CVSS changed
Apr 28, 2026 - 14:22 NVD
6.9 (MEDIUM)
EUVD ID Assigned
Apr 28, 2026 - 14:00 euvd
EUVD-2026-26044
Analysis Generated
Apr 28, 2026 - 14:00 vuln.today
CVE Published
Apr 28, 2026 - 13:12 nvd
MEDIUM 6.9

DescriptionCVE.org

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecting the running process. While ability to retrieve credentials from memory is expected behavior, the exposed credentials grant administrative access to the database, exceeding the privileges required for normal application functionality. This allows an attacker to perform actions beyond those permitted through the application interface.

This issue affects mpGabinet version 23.12.19 and below.

AnalysisAI

mpGabinet 23.12.19 and earlier suffers from privilege escalation due to excessive database privileges assigned to the application service account. An attacker with local access to extract database credentials from the application process memory gains administrative database access, enabling unauthorized actions beyond what the application interface permits. CVSS 6.9 indicates high confidentiality impact from local access without authentication; no active exploitation confirmed in CISA KEV at time of analysis.

Technical ContextAI

mpGabinet (Binsoft) is a database-backed application that connects to a backend database server using embedded credentials. The vulnerability stems from CWE-250 (Execution with Unnecessary Privileges): the service account used by the application holds full administrative rights to the database, violating the principle of least privilege. When an attacker gains local access to the system running mpGabinet, they can inspect the running application process memory using standard OS tools (e.g., debugger, memory dump utilities) to extract plaintext or weakly obfuscated database credentials. Once obtained, these credentials allow direct database manipulation, bypassing application-level access controls entirely.

RemediationAI

Apply vendor-released patch to mpGabinet version 23.12.20 or later immediately. Primary mitigation: reconfigure the database service account to use the principle of least privilege-grant only SELECT, INSERT, UPDATE, DELETE permissions on application-required tables, and revoke administrative rights (DROP, ALTER, CREATE, GRANT). Immediate compensating controls if patching is delayed: (1) Restrict local system access to mpGabinet host via SSH key-based authentication and disable password login to prevent unauthorized process inspection. (2) Enable OS-level memory protection (e.g., Linux CONFIG_HARDENED_USERCOPY, Windows DEP/ASLR) to increase difficulty of credential extraction, though this does not eliminate the risk if local code execution is achieved. (3) Implement database connection pooling with read-only credentials for application queries where possible, reserving administrative credentials for schema management only. (4) Monitor process memory access attempts using OS audit logging and EDR solutions. (5) Rotate database credentials regularly and audit all administrative access to the database. Side effect of least-privilege database account: schema migrations and backup operations may require a separate elevated account or manual DBA intervention.

Share

EUVD-2026-26044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy