MISP
This hub aggregates every CVE we track for MISP, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 124
- Critical: 25
- High: 25
- In CISA KEV: 0
Severity distribution
- MEDIUM: 74
- HIGH: 25
- CRITICAL: 25
Monthly trend
[Chart: monthly trend, 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting MISP.
- CVE-2026-56447: MISP remote code execution via arbitrary rdkafka configuration path (7.2)
- CVE-2026-56446: Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP (7.2)
- CVE-2026-56425: MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection (8.8)
- CVE-2026-56424: Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models (8.8)
- CVE-2026-56423: MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints (8.8)
- CVE-2026-10864: MISP Dashboard widget field selection may expose restricted user and organisation data (4.3)
- CVE-2026-10863: MISP User-controlled order parameter in correlations over-correlation endpoint (8.1)
- CVE-2026-10860: MISP CRUDComponent delete validation bypass via operator precedence error (6.5)
- CVE-2026-10861: MISP post-login open redirect via pre_login_requested_url (6.1)
- CVE-2026-10856: Open redirect in MISP dashboard button widget URL handling (6.1)
- CVE-2026-10855: MISP Event template importer authorization bypass (4.3)
- CVE-2026-10854: Unauthorized exposure of private galaxies in MISP event template creation (4.3)
- CVE-2026-10611: OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled (10.0)
- CVE-2026-9137: CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit (7.5)
- CVE-2026-9136: Unauthorized ShadowAttribute modification in MISP via client-supplied identifier (6.5)
Product normalization is registry-driven with AI assist and human review.