misp — Vulnerabilities & Security Advisories (36)

All 36 CVE vulnerabilities found in misp, with AI-generated Chinese analysis, references, and POCs.

This page aggregates the CVE records published for MISP, an open-source threat intelligence sharing platform developed by the MISP Project and maintained primarily by CIRCL (the Computer Incident Response Center Luxembourg). Each record carries its CWE weakness class, the affected versions and public disclosure date, and a CVSS score and severity rating where one is available, so the list can be used to track MISP advisory timelines and to plan remediation. Read together, the records show which weakness classes recur in the product: of the 30 records shown below, the largest group (12) consists of authorization and access-control flaws (CWE-863, CWE-862, CWE-639, CWE-269) at sharing-group, organisation and site-administrator boundaries; the remainder are cross-site scripting (CWE-79), information exposure (CWE-200), open redirect (CWE-601), input validation (CWE-20), authentication bypass (CWE-287), path traversal (CWE-22), CSRF (CWE-352), resource exhaustion (CWE-400), and SQL and LDAP injection (CWE-89, CWE-90). Practitioners can use these fields to prioritise patching by weakness class and exploitation potential, to spot repeated defect patterns in the same components, and to feed the structured data into automated vulnerability-tracking pipelines or manual review.

Vendor: MISP

Records shown on this page (30 of the 36 the site reports). A dash means the source lists no CVSS score or severity for that record; values marked (AI) are tagged AI on the source page, i.e. estimated by the site's AI analysis rather than taken from the official CVE/NVD record, and should be re-checked before being used for prioritisation.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-54398 | MISP object edit authorization bypass allows unauthorized sharing group assignment | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54397 | MISP event editing allows unauthorized assignment to undisclosed sharing groups | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54396 | MISP AuthKey edit endpoint allows authenticated user email enumeration | CWE-200 | - | - | 2026-06-12 |
| CVE-2026-54395 | MISP UiBeta event index reflected XSS in advanced filter popup | CWE-79 | - | - | 2026-06-12 |
| CVE-2026-54394 | MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files | CWE-22 | - | - | 2026-06-12 |
| CVE-2026-54393 | MISP Overmind theme stored XSS via unvalidated homepage setting | CWE-79 | - | - | 2026-06-12 |
| CVE-2026-54362 | MISP template builder exposes non-visible custom galaxies across organisations | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54361 | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | CWE-639 | - | - | 2026-06-12 |
| CVE-2026-54360 | MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups | CWE-639 | - | - | 2026-06-12 |
| CVE-2026-54359 | MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default | CWE-352 | - | - | 2026-06-12 |
| CVE-2026-54358 | MISP organization administrators can target site administrator accounts for password reset | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54357 | MISP improper authorization allows organization administrators to modify site administrator user settings | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-10868 | MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification | CWE-269 | - | - | 2026-06-04 |
| CVE-2026-10864 | MISP Dashboard widget field selection may expose restricted user and organisation data | CWE-200 | - | - | 2026-06-04 |
| CVE-2026-10863 | MISP User-controlled order parameter in correlations over-correlation endpoint | CWE-20 | - | - | 2026-06-04 |
| CVE-2026-10860 | MISP CRUDComponent delete validation bypass via operator precedence error | CWE-863 | - | - | 2026-06-04 |
| CVE-2026-10861 | MISP post-login open redirect via pre_login_requested_url | CWE-601 | - | - | 2026-06-04 |
| CVE-2026-10856 | Open redirect in MISP dashboard button widget URL handling | CWE-601 | - | - | 2026-06-04 |
| CVE-2026-10855 | MISP Event template importer authorization bypass | CWE-862 | - | - | 2026-06-04 |
| CVE-2026-10854 | Unauthorized exposure of private galaxies in MISP event template creation | CWE-200 | - | - | 2026-06-04 |
| CVE-2026-10611 | OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled | CWE-287 | - | - | 2026-06-02 |
| CVE-2026-9137 | CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit | CWE-400 | - | - | 2026-05-20 |
| CVE-2026-9136 | Unauthorized ShadowAttribute modification in MISP via client-supplied identifier | CWE-639 | - | - | 2026-05-20 |
| CVE-2026-9084 | MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations | CWE-287 | - | - | 2026-05-20 |
| CVE-2026-44379 | MISP: Improper UUID validation in MISP Collections | CWE-20 | - | - | 2026-05-13 |
| CVE-2026-44380 | MISP: Improper access control in auth key reset allows privilege escalation to site administrator | CWE-863 | - | - | 2026-05-13 |
| CVE-2026-44381 | MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings | CWE-89 | - | - | 2026-05-13 |
| CVE-2026-8080 | MISP core - Stored XSS in MISP template (old engine) element attribute type | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-39962 | LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable | CWE-90 | 8.2 (AI) | High (AI) | 2026-04-09 |
| CVE-2025-67906 | MISP security vulnerability (source title: MISP 安全漏洞) | CWE-79 | 5.4 | Medium | 2025-12-15 |
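The listing is delivered as flattened rows, so anything that wants to consume it in a pipeline first has to split those rows back into fields and decide what to do with the missing and AI-estimated scores. The following Python is an added example written for this page, not code from the site or from the MISP project: it parses rows in the layout shown above into records, tallies them by CWE class to surface the recurring weakness patterns, and lists the records whose score is either absent or tagged AI, since those should not be ranked on the listed score alone. The five sample rows are copied from the table; the field names, the treatment of the `AI` tag as "AI-estimated", and the helper names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input: five rows copied in the flattened layout of the
# listing above (CVE ID, title, CWE, optional CVSS + severity, published date).
# The trailing "AI" on a score is assumed to mean the value was produced by the
# site's AI analysis rather than taken from the official CVE/NVD record.
SAMPLE_ROWS = """\
CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment CWE-863--2026-06-12
CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings CWE-89--2026-05-13
CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type CWE-79 5.4AIMediumAI2026-05-07
CVE-2026-39962 LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable CWE-90 8.2AIHighAI2026-04-09
CVE-2025-67906 MISP security vulnerability CWE-79 5.4 Medium2025-12-15
"""

# One row: CVE id, free-text title, CWE id, then either "--" (no score) or
# "<cvss>[AI]<severity>[AI]", and finally the publication date.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<cwe>CWE-\d+)"
    r"(?:\s*(?P<cvss>\d+\.\d)(?P<cvss_ai>AI)?\s*"
    r"(?P<sev>Critical|High|Medium|Low)(?P<sev_ai>AI)?|--)"
    r"(?P<date>\d{4}-\d{2}-\d{2})$"
)


def parse_rows(text):
    """Parse flattened listing rows into dicts; fail loudly on a row the pattern does not cover."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row layout: {line!r}")
        cvss = m.group("cvss")
        records.append({
            "cve": m.group("cve"),
            "title": m.group("title"),
            "cwe": m.group("cwe"),
            "cvss": float(cvss) if cvss else None,
            "severity": m.group("sev"),
            "score_is_ai_estimate": bool(m.group("cvss_ai") or m.group("sev_ai")),
            "published": m.group("date"),
        })
    return records


def cwe_histogram(records):
    """Count records per CWE class; most_common() then shows the recurring weakness patterns."""
    return Counter(r["cwe"] for r in records)


def needs_manual_scoring(records):
    """Records that must not be prioritised on the listed score alone:
    those with no score at all and those whose score is an AI estimate."""
    return [r for r in records if r["cvss"] is None or r["score_is_ai_estimate"]]


if __name__ == "__main__":
    recs = parse_rows(SAMPLE_ROWS)
    for cwe, n in cwe_histogram(recs).most_common():
        print(f"{cwe}: {n}")
    for r in needs_manual_scoring(recs):
        why = "no score" if r["cvss"] is None else "AI-estimated score"
        print(f"{r['cve']} ({r['cwe']}): {why}")
```

The parser raises on any row it cannot fully match rather than silently skipping it, so a change in the site's layout shows up as a failure instead of as a quietly shrinking feed. Rows with no score are kept as records with `cvss` set to `None`; a CWE-89 entry with no score is still a SQL injection and deserves a manual CVSS assignment, which is why `needs_manual_scoring` lists it alongside the AI-estimated ones.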
