Improper Authorization in MISP Allows Bypass of Sharing Group Permissions
CVE-2026-61474
What is CVE-2026-61474?
An improper authorization check in the MISP application allows authenticated users to bypass sharing group permissions when creating attributes. This vulnerability permits users to submit a sharing_group_id without undergoing the necessary authorization verification, provided that the attribute distribution value is not explicitly set to the âsharing groupâ value. Consequently, a malicious actor could potentially associate sensitive attributes with unauthorized sharing groups, compromising the integrity and privacy of the sharing relationships. The recent patch updates the authorization logic to ensure that permissions are rigorously checked whenever a sharing_group_id is supplied, safeguarding against unauthorized access.
Affected Version(s)
misp 0 <= 2.5.42
