CVE-2026-44379

MEDIUM EPSS 7.5%
Published May 13, 20261mo ago · Modified Jun 22, 20261w ago
5.3 CVSS 4.0
Medium
Find Similar
Published May 13, 2026 1mo ago
Last Modified Jun 22, 2026 1w ago

Description

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues or unexpected behaviour in code paths that assume Collection UUIDs are valid identifiers. This vulnerability is fixed in 2.5.37.

CVSS Details

Base Score
5.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
7.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 1

VendorProductVersionRange
misp-projectmisp* <2.5.37

References 2

  • github.com https://github.com/MISP/MISP/commit/f8b20358c3cd8fd3d784452901876f2db0acbf05
    Patch
  • github.com https://github.com/MISP/MISP/security/advisories/GHSA-jrvj-84mg-8f29
    Third Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/f8b20358c3cd8fd3d784452901876f2db0acbf05
    Patch