Authorization Flaw in MISP by GitHub
CVE-2026-54358
What is CVE-2026-54358?
An authorization flaw in MISP enables an organization administrator to inadvertently access privileged site administrator accounts through the misuse of the administrative email functionality. While the design intended to restrict organization administrators to user interactions within their own organization, it overlooked site administrator roles during recipient queries. Consequently, this oversight allows an authenticated organization administrator to initiate sensitive account management tasks, such as resetting passwords, on higher-privileged accounts, which could lead to unauthorized actions and compromise the integrity and confidentiality of the MISP instance. To exploit this vulnerability, attackers must be authenticated as organization administrators within the same organization as the targeted site administrator.
Affected Version(s)
misp 0 < 2.5.40
