Improper Authorization Vulnerability in MISP Affecting Site Administrator Accounts
CVE-2026-54357

5.1MEDIUM

Key Information:

Vendor

Misp

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-54357?

An improper authorization vulnerability in the MISP platform has been identified, which allows an authenticated organization administrator to potentially access or modify user settings of site administrator accounts within the same organization. The vulnerability arises from insufficient access control checks that do not effectively segregate administrative actions based on user privileges. This flaw may lead to unauthorized viewing or alteration of sensitive information, thus crossing privilege boundaries intended for role separation. A security patch has been released to strengthen access control logic by excluding site administrator accounts from the set of users that organization administrators can manage, enhancing overall system security.

Affected Version(s)

misp 0 < 2.5.40

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HE WEI(ギカク)
Andras Iklody
.