MISP Event template importer authorization bypass
CVE-2026-10855

5.1MEDIUM

Key Information:

Vendor: Misp
Status: Misp
Vendor: CVE Published:; 4 June 2026

What is CVE-2026-10855?

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization.

Successful exploitation could allow unauthorized modification of another organization’s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite templates across organizations.

The issue was fixed by enforcing an ownership check before overwrite: non-site-admin users may only overwrite templates owned by their own organization.

Affected Version(s)

misp 0 <= 2.5.38

References

https://github.com/MISP/MISP/commit/7c2200d143bef86aaf58d...

patch

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Jun 4, 2026

Credit

Andras Iklody

Jeroen Pinoy

CVE-2026-10855 Data

JSON

Misp

What is CVE-2026-10855?

Affected Version(s)

References

CVSS V4

Timeline

Credit