CVE Catalog
CVE-2026-40794
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.28%
19th percentile - higher than 19% of all known CVEs
Summary
Versions of myCred up to 3.0.3 have a vulnerability in access control, allowing unauthorized access to subscriber resources.
Risk Assessment
Organizations may be exposed to unauthorized user actions, potentially leading to data loss or privacy breaches.
Recommendation
It is recommended to update myCred to the latest version to mitigate this security vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in myCred <= 3.0.3 versions.

