PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57697 Metagauss CVE debrief

A critical vulnerability was found in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities. This affects an unknown part of the component ProfileGrid, allowing for authentication bypass using an alternate path or channel. The exploit has been disclosed to the public and may be used. The identifier VDB-273254 was assigned to this vulnerability. Users of Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities should be aware of this vulnerability and take appropriate measures to secure their installations.

Vendor
Metagauss
Product
ProfileGrid
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take appropriate measures to secure their installations.

Technical summary

The CVE-2026-57697 vulnerability is an Authentication Bypass Using an Alternate Path or Channel issue in the Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities plugin. This issue allows for Password Recovery Exploitation and affects the plugin from n/a through version 5.9.9.6. The vulnerability has been disclosed, and users should take immediate action to secure their systems.

Defensive priority

High

Recommended defensive actions

  • Apply the latest patch or update to version 5.9.9.7 or later
  • Restrict access to the affected component
  • Monitor for suspicious activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-13T10:16:37.143Z and has not been modified since then. The NVD entry is currently in the 'Received' status. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The exploit has been disclosed to the public and may be used. Users should exercise caution and consider the potential impact on their systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:37.143Z and has not been modified since then.