PatchSiren cyber security CVE debrief
CVE-2026-57697 Metagauss CVE debrief
A critical vulnerability was found in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities. This affects an unknown part of the component ProfileGrid, allowing for authentication bypass using an alternate path or channel. The exploit has been disclosed to the public and may be used. The identifier VDB-273254 was assigned to this vulnerability. Users of Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities should be aware of this vulnerability and take appropriate measures to secure their installations.
- Vendor
- Metagauss
- Product
- ProfileGrid
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take appropriate measures to secure their installations.
Technical summary
The CVE-2026-57697 vulnerability is an Authentication Bypass Using an Alternate Path or Channel issue in the Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities plugin. This issue allows for Password Recovery Exploitation and affects the plugin from n/a through version 5.9.9.6. The vulnerability has been disclosed, and users should take immediate action to secure their systems.
Defensive priority
High
Recommended defensive actions
- Apply the latest patch or update to version 5.9.9.7 or later
- Restrict access to the affected component
- Monitor for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-13T10:16:37.143Z and has not been modified since then. The NVD entry is currently in the 'Received' status. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The exploit has been disclosed to the public and may be used. Users should exercise caution and consider the potential impact on their systems.
Official resources
-
CVE-2026-57697 CVE record
CVE.org
-
CVE-2026-57697 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:37.143Z and has not been modified since then.