By vendor

Misp-Project vulnerabilities

Known CVEs affecting Misp-Project products, prioritized by severity, with SEC.co remediation and detection guidance.

7 published vulnerabilities

  • CVE-2026-10863HIGH 8.1

    A vulnerability in MISP's correlations endpoint allowed authenticated users to manipulate how search results were ordered by injecting values into the order parameter. Rather than applying a server-defined sort, the application accepted user input that could be passed unsafely to the database layer. An attacker with valid credentials could exploit this to reorder results in ways the application designers didn't intend, potentially exposing information through creative query construction or gaining visibility into data the endpoint should have restricted.

  • CVE-2026-10860MEDIUM 6.5

    CVE-2026-10860 is a logic error in MISP's delete handler that allows authenticated users to bypass validation checks and delete records they shouldn't be able to. The flaw stems from a missing parenthesis in the conditional logic that evaluates HTTP DELETE requests, causing the validator to be skipped when a DELETE method is used. While an attacker must already be authenticated, they can exploit this to circumvent application-level protections and remove protected data.

  • CVE-2026-10856MEDIUM 6.1

    MISP dashboard widgets contain a URL validation flaw that allows attackers to craft malicious buttons appearing to link within the application while actually redirecting users to external sites. The vulnerability stems from incomplete validation that accepts paths like '/\example.com', which browsers may normalize into scheme-relative URLs pointing to attacker-controlled domains. An attacker with dashboard configuration access can embed these crafted buttons to redirect legitimate users, creating phishing and credential-theft opportunities.

  • CVE-2026-10861MEDIUM 6.1

    MISP, a widely-used threat intelligence sharing platform, contains an open redirect vulnerability in its post-login redirect logic. When a user logs in, the application redirects them to a URL stored in the session without properly validating that the destination is actually part of the MISP application. An attacker can craft a malicious link that tricks users into visiting their legitimate MISP instance, then redirects them to an attacker-controlled website after they authenticate. This could be weaponized for phishing by appearing to come from a trusted source or to deliver malware from a domain the victim might not otherwise visit.

  • CVE-2026-10854MEDIUM 4.3

    CVE-2026-10854 is a visibility control flaw in MISP's event template creation feature that allowed unauthorized users to see private galaxy data from other organizations. When creating an event template, the system listed all enabled galaxies without checking whether the user's organization owned them or whether they were marked private. This exposed sensitive metadata like galaxy type and description to users who shouldn't have access. The vulnerability requires authentication to exploit and affects only information disclosure—no data modification or denial of service is possible. MISP has patched the issue by filtering galaxy visibility based on organization ownership and distribution settings.

  • CVE-2026-10855MEDIUM 4.3

    MISP, a threat intelligence platform, contained an authorization flaw in its event template import feature. When an authenticated user attempted to overwrite an existing event template, the system verified that a template with that name existed but failed to check whether the importing user's organization actually owned it. This allowed users from one organization to forcibly overwrite event templates belonging to other organizations. The flaw only affected non-administrator users; site administrators retained the ability to manage templates across organizational boundaries by design. The vulnerability has been remediated by adding an ownership verification step before permitting any template overwrite operation.

  • CVE-2026-10864MEDIUM 4.3

    A flaw in MISP's dashboard widgets allows authenticated users with low-level access to bypass field restrictions and view sensitive information they shouldn't have access to. By manipulating which data fields the New Users and New Organisations widgets display, attackers can circumvent settings designed to hide user email addresses and other restricted organization metadata. The vulnerability stems from how the application processes field filtering—if redaction leaves the field list empty, it falls back to returning unfiltered data instead of enforcing safe defaults.