CVE-2026-44379— MISP: Improper UUID validation in MISP Collections
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44379
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MISP: Improper UUID validation in MISP Collections
Source: NVD (National Vulnerability Database)
Vulnerability Description
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues or unexpected behaviour in code paths that assume Collection UUIDs are valid identifiers. This vulnerability is fixed in 2.5.37.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
MISP 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MISP是MISP开源的一套开源的软件解决方案。该产品用于收集、存储、分发、共享网络安全指标,并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP 2.5.37之前版本存在输入验证错误漏洞,该漏洞源于MISP Collections未对uuid字段强制执行RFC 4122 UUID验证,可能导致用户提交格式错误的UUID值。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44379
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44379
请登录查看更多情报信息。
- https://github.com/MISP/MISP/security/advisories/GHSA-jrvj-84mg-8f29x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-44379
Same Patch Batch · MISP · 2026-05-13 · 5 CVEs total
| CVE-2026-44363 | Unsafe remote resource fetching in expansion misp-modules | |
| CVE-2026-44381 | MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute list | |
| CVE-2026-44364 | misp-modules website - Missing CSRF protection in the website home blueprint | |
| CVE-2026-44380 | MISP: Improper access control in auth key reset allows privilege escalation to site admin |
IV. Related Vulnerabilities
Same product: MISP
- CVE-2026-44380
MISP: Improper access control in auth key reset allows priv - CVE-2026-44381
MISP: SQL injection via unvalidated ordering parameters in e - CVE-2026-8080
MISP core - Stored XSS in MISP template (old engine) element - CVE-2026-39962
LDAP injection in MISP ApacheAuthenticate when using a user- - CVE-2025-67906
MISP 安全漏洞
Same vendor: MISP
- CVE-2026-44380
MISP: Improper access control in auth key reset allows priv - CVE-2026-44381
MISP: SQL injection via unvalidated ordering parameters in e - CVE-2026-44363
Unsafe remote resource fetching in expansion misp-modules - CVE-2026-44364
misp-modules website - Missing CSRF protection in the websit - CVE-2026-8080
MISP core - Stored XSS in MISP template (old engine) element
Same weakness: CWE-20
- CVE-2026-31378
Apache OFBiz: JSON Attribute Override and URL Allowlist Bypa - CVE-2026-28751
filemanagement_storage_service has an improper input validat - CVE-2026-27891
Remote Code Execution (RCE) via Zip Slip in Plugin Upload Me - CVE-2026-45492
Microsoft Edge (Chromium-based) Security Feature Bypass Vuln - CVE-2026-45317
Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL
V. Comments for CVE-2026-44379
No comments yet