misp
Security Products, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting misp.
- CVE-2026-56447: MISP remote code execution via arbitrary rdkafka configuration path (7.2)
- CVE-2026-56446: Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP (7.2)
- CVE-2026-56425: MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection (8.8)
- CVE-2026-56424: Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models (8.8)
- CVE-2026-56423: MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints (8.8)
- CVE-2026-10864: MISP Dashboard widget field selection may expose restricted user and organisation data (4.3)
- CVE-2026-10863: MISP User-controlled order parameter in correlations over-correlation endpoint (8.1)
- CVE-2026-10860: MISP CRUDComponent delete validation bypass via operator precedence error (6.5)
- CVE-2026-10861: MISP post-login open redirect via pre_login_requested_url (6.1)
- CVE-2026-10856: Open redirect in MISP dashboard button widget URL handling (6.1)
- CVE-2026-10855: MISP Event template importer authorization bypass (4.3)
- CVE-2026-10854: Unauthorized exposure of private galaxies in MISP event template creation (4.3)
- CVE-2026-10611: OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled (10.0)
- CVE-2026-9137: CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit (7.5)
- CVE-2026-9136: Unauthorized ShadowAttribute modification in MISP via client-supplied identifier (6.5)