Mass Assignment Vulnerabilities in MISP Affecting Data Control and Integrity
CVE-2026-54361

8.8HIGH

Key Information:

Vendor

Misp

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-54361?

The MISP Threat Intelligence Platform has been found to include several mass assignment vulnerabilities that compromise data integrity. These vulnerabilities stem from improper handling of user-supplied fields related to critical attributes such as identifiers and ownership information. Authenticated attackers with access to specific MISP endpoints can exploit these weaknesses to manipulate object ownership, redirect updates, and overwrite event delegations. This could lead to unauthorized changes to MISP objects, potentially exposing sensitive threat intelligence data. The vulnerabilities have been addressed by restricting the ownership and identity fields, ensuring that they are securely bound to their stored values during edit operations.

Affected Version(s)

misp 0 < 2.5.40

References

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jeroen Pinoy
Andras Iklody
.