Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-54359— MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

AI Predicted 7.5 Difficulty: Easy EPSS 0.19% · P9

Affected Version Matrix 1

VendorProductVersion RangeStatus
mispmisp< 2.5.40affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-54359

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default
Source: NVD (National Vulnerability Database)
Vulnerability Description
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote unauthenticated attacker could craft a malicious web page that causes an authenticated MISP user’s browser to issue cross-site requests to MISP automation endpoints. If successful, the forged requests may be processed with the privileges of the victim user, potentially allowing unauthorized modification of MISP data or configuration. Enabling Security.check_sec_fetch_site_header mitigates this issue, although operators of multi-homed MISP deployments should validate the setting before enforcing it.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
MISP 配置错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MISP是MISP组织开源的一套开源的软件解决方案。 该产品用于收集、存储、分发、共享网络安全指标,并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP 2.5.40之前版本存在安全漏洞,该漏洞源于安全配置中Security.check_sec_fetch_site_header控制被禁用,可能导致状态更改请求未基于浏览器提供的Sec-Fetch-Site标头进行限制,远程未经身份验证的攻击者可能制作恶意网页,造成经过身份验证的MISP用户的浏览器向MISP自动化端点发出跨站请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
mispmisp 0 ~ 2.5.40 -

II. Public POCs for CVE-2026-54359

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-54359

登录查看更多情报信息。

Patches & Fixes for CVE-2026-54359 (1)

Same Patch Batch · misp · 2026-06-12 · 12 CVEs total

CVE-2026-54358MISP organization administrators can target site administrator accounts for password reset
CVE-2026-54362MISP template builder exposes non-visible custom galaxies across organisations
CVE-2026-54398MISP object edit authorization bypass allows unauthorized sharing group assignment
CVE-2026-54396MISP AuthKey edit endpoint allows authenticated user email enumeration
CVE-2026-54394MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files
CVE-2026-54357MISP improper authorization allows organization administrators to modify site administrato
CVE-2026-54393MISP Overmind theme stored XSS via unvalidated homepage setting
CVE-2026-54395MISP UiBeta event index reflected XSS in advanced filter popup
CVE-2026-54397MISP event editing allows unauthorized assignment to undisclosed sharing groups
CVE-2026-54360MISP sharing group creation mass assignment allows unauthorized takeover of existing shari
CVE-2026-54361MISP mass assignment vulnerabilities allow unauthorized modification of ownership and dele

IV. Related Vulnerabilities

Same product: misp
Same vendor: misp
Same weakness: CWE-352

V. Comments for CVE-2026-54359

No comments yet

Leave a comment