Main Vulnerability Database SB2026041014

SB2026041014 - LDAP injection in MISP

Published: April 10, 2026

Security Bulletin ID SB2026041014

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) LDAP injection (CVE-ID: CVE-2026-39962)

The vulnerability allows a remote attacker to bypass authentication constraints or cause unauthorized LDAP queries.

The vulnerability exists due to improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php when processing an unsanitized username value from a user-controlled Apache environment variable. A remote attacker can manipulate that value to bypass authentication constraints or cause unauthorized LDAP queries.

Exploitation requires ApacheAuthenticate.apacheEnv to be configured to use a user-controlled server variable instead of REMOTE_USER, such as in certain proxy setups.

Remediation

Install update from vendor's website.

References

https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63