CVE-2026-40551
Published: 28 April 2026
Summary
CVE-2026-40551 is a high-severity Use of Client-Side Authentication (CWE-603) vulnerability in Cert (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078); ranked at the 3.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26045
- 🇵🇱 CERT-PL: cert.pl
Vulnerability details
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19…
more
and below.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Client-side authentication bypass directly enables authenticating as arbitrary/valid user accounts without credentials.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.