Access Control Vulnerability in MISP Core Affecting Event Reports and Sharing Groups
CVE-2026-56423

9.4 CRITICAL

Key Information:

Vendor

Misp

Status
Vendor
CVE Published:
22 June 2026

What is CVE-2026-56423?

MISP Core contains critical access control flaws that allow authorized users to delete event reports and sharing groups owned by other organizations. Specifically, the deleteSelection handlers for both Event Reports and Sharing Groups rely on broad role permissions instead of strict ownership verification. As a result, an authenticated attacker with appropriate permissions can submit IDs for reports or sharing groups they do not own, which can lead to the loss of vital data across the MISP instance. To mitigate this, MISP has been updated to include ownership checks that validate the user's authorization for each deletion request, which protects the integrity of the stored data.
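The difference between a role-only gate and a per-ID ownership check in a bulk delete handler, as a simplified Python model added here for illustration. It is not MISP's code (MISP is written in PHP); `User`, `can_bulk_delete`, the function names and the report store are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    org_id: int
    can_bulk_delete: bool  # hypothetical stand-in for a broad role permission


def sample_reports():
    """Constructed data: report id -> id of the organisation that owns it."""
    return {1: 10, 2: 10, 3: 20, 4: 30}


def delete_selection_role_only(user, ids, reports):
    """Flawed pattern: the role flag is the only gate for every submitted id."""
    if not user.can_bulk_delete:
        raise PermissionError("role may not delete")
    deleted = []
    for rid in dict.fromkeys(ids):  # de-duplicate, keep request order
        if reports.pop(rid, None) is not None:
            deleted.append(rid)
    return deleted


def delete_selection_owner_checked(user, ids, reports):
    """Corrected pattern: each id must also belong to the caller's organisation."""
    if not user.can_bulk_delete:
        raise PermissionError("role may not delete")
    deleted, refused = [], []
    for rid in dict.fromkeys(ids):
        # Unknown ids and foreign-owned ids are refused the same way, so the
        # response does not reveal which ids exist in other organisations.
        if reports.get(rid) == user.org_id:
            del reports[rid]
            deleted.append(rid)
        else:
            refused.append(rid)
    return deleted, refused  # refused ids are worth logging for detection


if __name__ == "__main__":
    member = User(org_id=10, can_bulk_delete=True)
    print(delete_selection_role_only(member, [1, 3, 4], sample_reports()))
    print(delete_selection_owner_checked(member, [1, 3, 4, 99], sample_reports()))
```

A non-empty `refused` list on a bulk delete request is a useful audit signal, since a normal client only submits IDs it was shown.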

Affected Version(s)

misp 0 <= 2.5.41

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andras Iklody
Jeroen Pinoy
Claude (the international export version)