
misp — Vulnerabilities & Security Advisories (40)

Browse all 40 CVE security advisories affecting misp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MISP is an open-source threat intelligence platform for sharing cyber threat information between organizations. Vulnerabilities reported against it have included remote code execution, cross-site scripting, and privilege escalation, most often stemming from improper input validation or missing authorization checks; the advisories listed below are dominated by broken authorization (CWE-862/CWE-863), mass assignment of request fields onto records (CWE-639), XSS (CWE-79), open redirects (CWE-601), and SQL injection through user-controlled ordering parameters (CWE-89). Because the platform exists to move data across organizational boundaries, past advisories have also highlighted risks in default configurations (for example, CSRF protection that is disabled by default on automation endpoints) and in plugins and expansion modules. With 40 CVEs on record, MISP remains widely adopted for threat intelligence sharing, and each instance needs hardening and prompt updates to limit exposure. Operators should apply updates as they are released, keep organization and site administrator roles to a minimum, review sharing-group membership, and treat all data received from other organizations as untrusted input.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-54398 | MISP object edit authorization bypass allows unauthorized sharing group assignment | misp | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54397 | MISP event editing allows unauthorized assignment to undisclosed sharing groups | misp | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54396 | MISP AuthKey edit endpoint allows authenticated user email enumeration | misp | CWE-200 | - | - | 2026-06-12 |
| CVE-2026-54395 | MISP UiBeta event index reflected XSS in advanced filter popup | misp | CWE-79 | - | - | 2026-06-12 |
| CVE-2026-54394 | MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files | misp | CWE-22 | - | - | 2026-06-12 |
| CVE-2026-54393 | MISP Overmind theme stored XSS via unvalidated homepage setting | misp | CWE-79 | - | - | 2026-06-12 |
| CVE-2026-54362 | MISP template builder exposes non-visible custom galaxies across organisations | misp | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54361 | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | misp | CWE-639 | - | - | 2026-06-12 |
| CVE-2026-54360 | MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups | misp | CWE-639 | - | - | 2026-06-12 |
| CVE-2026-54359 | MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default | misp | CWE-352 | - | - | 2026-06-12 |
| CVE-2026-54358 | MISP organization administrators can target site administrator accounts for password reset | misp | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-54357 | MISP improper authorization allows organization administrators to modify site administrator user settings | misp | CWE-863 | - | - | 2026-06-12 |
| CVE-2026-53693 | MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels | bsimvis | CWE-79 | - | - | 2026-06-10 |
| CVE-2026-10868 | MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification | misp | CWE-269 | - | - | 2026-06-04 |
| CVE-2026-10864 | MISP Dashboard widget field selection may expose restricted user and organisation data | misp | CWE-200 | - | - | 2026-06-04 |
| CVE-2026-10863 | MISP User-controlled order parameter in correlations over-correlation endpoint | misp | CWE-20 | - | - | 2026-06-04 |
| CVE-2026-10860 | MISP CRUDComponent delete validation bypass via operator precedence error | misp | CWE-863 | - | - | 2026-06-04 |
| CVE-2026-10861 | MISP post-login open redirect via pre_login_requested_url | misp | CWE-601 | - | - | 2026-06-04 |
| CVE-2026-10856 | Open redirect in MISP dashboard button widget URL handling | misp | CWE-601 | - | - | 2026-06-04 |
| CVE-2026-10855 | MISP Event template importer authorization bypass | misp | CWE-862 | - | - | 2026-06-04 |
| CVE-2026-10854 | Unauthorized exposure of private galaxies in MISP event template creation | misp | CWE-200 | - | - | 2026-06-04 |
| CVE-2026-10611 | OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled | misp | CWE-287 | - | - | 2026-06-02 |
| CVE-2026-9806 | Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names | cti-transmute | CWE-79 | - | - | 2026-05-28 |
| CVE-2026-9137 | CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit | misp | CWE-400 | - | - | 2026-05-20 |
| CVE-2026-9136 | Unauthorized ShadowAttribute modification in MISP via client-supplied identifier | misp | CWE-639 | - | - | 2026-05-20 |
| CVE-2026-9084 | MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations | misp | CWE-287 | - | - | 2026-05-20 |
| CVE-2026-44379 | MISP: Improper UUID validation in MISP Collections | MISP | CWE-20 | - | - | 2026-05-13 |
| CVE-2026-44380 | MISP: Improper access control in auth key reset allows privilege escalation to site administrator | MISP | CWE-863 | - | - | 2026-05-13 |
| CVE-2026-44381 | MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings | MISP | CWE-89 | - | - | 2026-05-13 |
| CVE-2026-44363 | Unsafe remote resource fetching in expansion misp-modules | misp-modules | CWE-295 | - | - | 2026-05-13 |

CVSS and Severity are shown as "-" where the index carries no score for the entry.

This page lists every published CVE security advisory associated with misp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.