CVE-2026-56424

HIGH EPSS 28.0%
Published Jun 22, 20261w ago · Modified Jun 23, 20266d ago
7.1 CVSS 4.0
High
Find Similar
Published Jun 22, 2026 1w ago
Last Modified Jun 23, 2026 6d ago

Description

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could cause the application to authorize one object but mutate another, or could modify objects that were merely visible rather than editable by the user’s organization. The affected paths included: * Event Reports tag removal: the route-authorized report could differ from the report ID used for tag detachment, enabling cross-organization tag removal from another event report * Collection Elements bulk deletion: bulk deletion authorized against a collection whose ID matched the collection-element row ID, rather than the element’s actual parent collection, enabling deletion of elements from collections the user did not own. * Analyst Data capture/update: nested analyst data updates could overwrite an existing record without applying the normal canEditAnalystData ownership check, enabling cross-organization overwrite of analyst data records. * Template Elements editing: editing authorized against a template whose ID matched the template-element ID, rather than the element’s actual parent template, enabling unauthorized edits to another organization’s template elements. * Decaying Model editing and mappings: write paths loaded models using view-scope access but did not verify edit ownership, enabling users to edit or remap visible models owned by another organization.  Successful exploitation could allow an authenticated user with subsystem-specific permissions to perform unauthorized cross-organization modifications or deletions of MISP data, resulting in integrity loss, unauthorized tampering with shared intelligence, and disruption of analyst workflows.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
28.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 3

CWE-639
CWE-862 Missing Authorization Authorization
CWE-863 Incorrect Authorization Authorization

Affected Products 1

VendorProductVersionRange
misp-projectmisp* <2.5.42

References 5

  • github.com https://github.com/MISP/MISP/commit/24d7e91339a3ef043652dd5799c36e5065b2bb4a
    Patch
  • github.com https://github.com/MISP/MISP/commit/3aecc04d5816189412b589cf590c6dbe9a8db5c0
    Patch
  • github.com https://github.com/MISP/MISP/commit/57ad774d21bd1863d060a9e6e73ae54eb96784ce
    Patch
  • github.com https://github.com/MISP/MISP/commit/744005cefdc3b943bd29669c3b34cc66a5fc2154
    Patch
  • github.com https://github.com/MISP/MISP/commit/ba2f51fe7440ba2c6043ccde858cac1e25f96931
    Patch

Remediation

  • github.com https://github.com/MISP/MISP/commit/24d7e91339a3ef043652dd5799c36e5065b2bb4a
    Patch
  • github.com https://github.com/MISP/MISP/commit/3aecc04d5816189412b589cf590c6dbe9a8db5c0
    Patch
  • github.com https://github.com/MISP/MISP/commit/57ad774d21bd1863d060a9e6e73ae54eb96784ce
    Patch
  • github.com https://github.com/MISP/MISP/commit/744005cefdc3b943bd29669c3b34cc66a5fc2154
    Patch
  • github.com https://github.com/MISP/MISP/commit/ba2f51fe7440ba2c6043ccde858cac1e25f96931
    Patch