PatchSiren cyber security CVE debrief
CVE-2026-40775 Royal Plugins CVE debrief
CVE-2026-40775 is a HIGH severity vulnerability with a CVSS score of 7.3. It is an Unauthenticated Broken Access Control issue affecting Royal MCP plugin versions up to 1.4.2.
- Vendor: Royal Plugins
- Product: Royal MCP
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of Royal MCP plugin versions up to 1.4.2 should be aware of this vulnerability and apply the recommended defensive actions to mitigate the risk.
Technical summary
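CVE-2026-40775 is an Unauthenticated Broken Access Control issue in Royal MCP plugin versions up to 1.4.2, classified under CWE-862 (Missing Authorization). Its CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L: the issue is reachable over the network with low attack complexity, requires no privileges and no user interaction, and has low impact on confidentiality, integrity and availability.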
Defensive priority
HIGH
Recommended defensive actions
- Update Royal MCP plugin to a version that fixes the Broken Access Control vulnerability.
- Restrict access to sensitive areas of the plugin until an update is available.
Evidence notes
Evidence for this CVE comes from Patchstack, as indicated by the reference [ref-4].
Official resources
- CVE-2026-40775 CVE record (CVE.org)
- CVE-2026-40775 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40775 was published on 2026-06-15T21:16:50.227Z and modified on 2026-06-15T21:24:32.790Z.