Remote Code Execution Vulnerability in MISP Logging Configuration
CVE-2026-56446

8.7 HIGH

Key Information:

Vendor: Misp

Status
Vendor
CVE Published: 22 June 2026

What is CVE-2026-56446?

A vulnerability in MISP's log configuration allows an authenticated site administrator to set an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. An attacker with that access can direct log output to a PHP file located in a publicly accessible directory and then inject PHP code through crafted log entries. If that code is executed, the result is remote code execution with the privileges of the web server process. The patch addresses this issue by confining log destinations to specified directories, rejecting unsafe input patterns, and allowing only specific file extensions.
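The three controls named in the patch description (directory confinement, rejection of unsafe input patterns, an extension allowlist) can be combined as in the following added example, which is not MISP's own code. The function name `validateLogDestination`, the allowed extensions and the temporary directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Return the canonical log path if it satisfies the policy, otherwise null.
// $allowedDirs and $allowedExts are assumed policy inputs, not MISP's real allowlist.
function validateLogDestination(string $path, array $allowedDirs, array $allowedExts): ?string
{
    // Reject unsafe input patterns: empty, relative path, NUL byte, stream wrapper.
    if ($path === '' || $path[0] !== '/' || strpos($path, "\0") !== false
        || strpos($path, '://') !== false) {
        return null;
    }
    // Reject "." and ".." path segments instead of trying to normalise them.
    if (preg_match('#(^|/)\.\.?(/|$)#', $path) === 1) {
        return null;
    }
    // Allow only specific extensions, judged on the final extension, case-insensitively.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExts, true)) {
        return null;
    }
    // The log file may not exist yet, so resolve symlinks on its parent directory.
    $parent = realpath(dirname($path));
    if ($parent === false) {
        return null;
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        if ($base !== false && ($parent === $base || strpos($parent, $base . '/') === 0)) {
            $candidate = $parent . '/' . basename($path);
            // An existing symlink as the final component could point outside the base.
            return is_link($candidate) ? null : $candidate;
        }
    }
    return null;
}

// Constructed demo: a temporary directory stands in for the permitted log directory.
$logDir = sys_get_temp_dir() . '/misp-log-example';
is_dir($logDir) || mkdir($logDir, 0700, true);
$samples = [
    "$logDir/error.ndjson",        // inside the log directory, allowed extension
    "$logDir/error.php",           // extension not on the allowlist
    "$logDir/../escape.log",       // traversal segment
    '/srv/example-webroot/x.php',  // constructed path outside the allowlist
];
foreach ($samples as $p) {
    $ok = validateLogDestination($p, [$logDir], ['log', 'ndjson', 'json']);
    printf("%-50s %s\n", $p, $ok === null ? 'rejected' : 'accepted');
}
```

Only the first sample is accepted. The check fails closed: a path whose parent directory cannot be resolved is rejected rather than created.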

Affected Version(s)

misp: all versions from 0 up to and including 2.5.41

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jeroen Pinoy
Jakub Chyliński
Andras Iklody