HIGH
Agilonhealth
CVE published 2026-04-28
CVE-2026-5781
An authorization vulnerability in MphRx's Minerva V3.6.0 allows authenticated users with user modification privileges to escalate to administrator privileges by manipulating the 'identifier' field in HTTP requests to the '/minerva/moUser/update' endpoint. The vulnerability cannot be exploited through the graphical user interface, requiring direct HTTP request manipulation. The issue was published by NVD o [truncated]