Improper Authorization Vulnerability in MISP Affecting Site Administrator Accounts
CVE-2026-54357
What is CVE-2026-54357?
An improper authorization vulnerability in the MISP platform has been identified, which allows an authenticated organization administrator to potentially access or modify user settings of site administrator accounts within the same organization. The vulnerability arises from insufficient access control checks that do not effectively segregate administrative actions based on user privileges. This flaw may lead to unauthorized viewing or alteration of sensitive information, thus crossing privilege boundaries intended for role separation. A security patch has been released to strengthen access control logic by excluding site administrator accounts from the set of users that organization administrators can manage, enhancing overall system security.
Affected Version(s)
misp 0 < 2.5.40
