CVE Catalog

CVE-2026-40794

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile - higher than 19% of all known CVEs

Summary

Versions of myCred up to 3.0.3 have a vulnerability in access control, allowing unauthorized access to subscriber resources.

Risk Assessment

Organizations may be exposed to unauthorized user actions, potentially leading to data loss or privacy breaches.

Recommendation

It is recommended to update myCred to the latest version to mitigate this security vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in myCred <= 3.0.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS