Mass Assignment Vulnerabilities in MISP Affecting Data Control and Integrity
CVE-2026-54361
What is CVE-2026-54361?
The MISP Threat Intelligence Platform has been found to include several mass assignment vulnerabilities that compromise data integrity. These vulnerabilities stem from improper handling of user-supplied fields related to critical attributes such as identifiers and ownership information. Authenticated attackers with access to specific MISP endpoints can exploit these weaknesses to manipulate object ownership, redirect updates, and overwrite event delegations. This could lead to unauthorized changes to MISP objects, potentially exposing sensitive threat intelligence data. The vulnerabilities have been addressed by restricting the ownership and identity fields, ensuring that they are securely bound to their stored values during edit operations.
Affected Version(s)
misp 0 < 2.5.40
