Access Control Vulnerability in MISP Core Affecting Event Reports and Sharing Groups
CVE-2026-56423
Key Information:
Badges
What is CVE-2026-56423?
MISP Core features critical access control flaws that allow authorized users to delete event reports and sharing groups owned by other organizations. Specifically, the deleteSelection handlers for both Event Reports and Sharing Groups leverage broad role permissions instead of stringent ownership verification. This oversight permits an authenticated attacker with appropriate permissions to submit IDs for reports or sharing groups not owned by them, leading to potential loss of vital data across the MISP instance. To mitigate this, the system has been updated to include ownership checks that validate user authorization for each deletion request, significantly enhancing the integrity of data management.
Affected Version(s)
misp 0 <= 2.5.41
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
