Cross-site Scripting Vulnerability in MISP by MISP Project
CVE-2026-8080

6.8MEDIUM

Key Information:

Vendor: Misp
Status: Misp
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-8080?

A stored cross-site scripting vulnerability exists in MISP that affects versions prior to 2.5.37. Due to improper validation of user input in the handling of template element attributes, an attacker with permission to create or modify these attributes can potentially store malicious script content. This flaw arises because the MISP application allows arbitrary values for certain fields without proper sanitization, creating opportunities for XSS attacks. It is important to note that this issue pertains to the old templating engine, which will be deprecated in future releases of MISP.

Affected Version(s)

misp 0 < 2.5.37

References

https://github.com/MISP/MISP/commit/62824e5ca0056d01b195f...

patch

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
May 7, 2026

Credit

Luciano Righetti

Bjørn Helseth (TV 2 Norway)

CVE-2026-8080 Data

JSON

Misp

What is CVE-2026-8080?

Affected Version(s)

References

CVSS V4

Timeline

Credit