A vulnerability was found in MyBB up to 1.8.40 and classified as critical . This impacts the function verify_usergroup of the component User Module . Such manipulation leads to improper privilege management. This vulnerability is traded as CVE-2026-58054 . The attack may be launched remotely. Furthermore, there is an exploit available.