Mass Assignment Vulnerability in MISP's Sharing Group Creation
CVE-2026-54360
8.4HIGH
What is CVE-2026-54360?
A mass assignment vulnerability in MISP allows authenticated users with permissions to create sharing groups to pass an unauthorized identifier, enabling them to modify existing groups without appropriate access controls. This flaw arises from the app/Controller/SharingGroupsController.php file, where the system fails to strip the user-provided id before processing the request. Consequently, an attacker could exploit this vulnerability to gain control over sharing groups, threatening the confidentiality and integrity of the shared data. Prompt updates are recommended to mitigate risks.
Affected Version(s)
misp 0 < 2.5.40
