SB2026043017 - Multiple vulnerabilities in MISP
Published: April 30, 2026

Security Bulletin ID: SB2026043017
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 3 vulnerabilities.


1) SQL injection (CVE-ID: N/A)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to manipulate SQL queries and potentially disclose sensitive information or modify query behavior.

The vulnerability exists due to SQL injection in the event and shadow attribute listing endpoints when handling user-controlled ordering parameters. A remote user can send a specially crafted ordering parameter to manipulate SQL queries and potentially disclose sensitive information or modify query behavior.

Depending on database permissions and query context, exploitation may have other database-level impact.
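Ordering parameters are a classic injection point because column names and sort directions cannot be passed as bind parameters; they have to be interpolated into the query text, so the only safe approach is to restrict them to an allowlist before they reach the SQL string. The following is an added illustration of that pattern in Python on an in-memory SQLite table; it is not MISP's code (MISP is written in PHP), and the `events` schema, the sample rows and the allowlist contents are constructed for the example.

```python
import sqlite3

# Constructed sample table standing in for an event listing; this is not
# MISP's schema, just enough rows to show the ordering behaviour.
SAMPLE_EVENTS = [
    (1, "alpha", "2026-01-03"),
    (2, "br", "2026-01-01"),
    (3, "charlie", "2026-01-02"),
]

# Hypothetical allowlist: the only columns and directions a client may sort by.
ALLOWED_SORT_COLUMNS = {"id", "info", "date"}
ALLOWED_SORT_DIRECTIONS = {"asc", "desc"}


def make_db():
    """Create an in-memory SQLite database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, info TEXT, date TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_EVENTS)
    return conn


def list_events_unsafe(conn, sort, direction):
    """Vulnerable pattern: the ordering parameters are interpolated verbatim.

    Bind parameters cannot be used for identifiers in ORDER BY, so whatever
    expression the client supplies is evaluated by the database engine.
    """
    query = f"SELECT id FROM events ORDER BY {sort} {direction}"
    return [row[0] for row in conn.execute(query)]


def is_valid_sort(sort, direction):
    """Return True only for an allowlisted column and direction."""
    return sort in ALLOWED_SORT_COLUMNS and direction.lower() in ALLOWED_SORT_DIRECTIONS


def list_events_safe(conn, sort, direction):
    """Hardened version: reject anything outside the allowlist before building SQL."""
    if not is_valid_sort(sort, direction):
        raise ValueError(f"unsupported ordering: {sort!r} {direction!r}")
    # Only allowlisted literals reach the query text, so interpolation is now safe.
    query = f"SELECT id FROM events ORDER BY {sort} {direction.lower()}"
    return [row[0] for row in conn.execute(query)]


if __name__ == "__main__":
    db = make_db()
    print(list_events_safe(db, "date", "asc"))            # [2, 3, 1]
    # The unsafe variant evaluates an arbitrary expression instead of a column:
    print(list_events_unsafe(db, "length(info)", "asc"))  # [2, 1, 3]
    print(is_valid_sort("length(info)", "asc"))           # False
```

The contrast to watch is that `list_events_unsafe` accepts `length(info)` as a sort key and the engine evaluates it, which is exactly the behaviour that lets an ordering parameter change query semantics; `list_events_safe` refuses the same value before any SQL is built. A denied request is also a useful detection signal: logging the rejected value gives defenders an early indication that someone is probing the listing endpoints.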


2) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to escalate privileges to site administrator.

The vulnerability exists due to improper access control in the authentication key reset functionality when handling authentication key reset requests for site administrator accounts within the same organization. A remote user can reset authentication keys for site administrator accounts to escalate privileges to site administrator.

Exploitation requires organization administrator privileges and is limited to site administrator accounts within the same organization.
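The missing check described above is a role comparison between the caller and the target of the key reset: an organization administrator's authority stops at accounts in their own organization, and must not extend to a site administrator who merely happens to belong to that organization. The following added example shows that decision as a small authorization function in Python; it uses a hypothetical three-role model (`user`, `org_admin`, `site_admin`) and a `User` dataclass constructed for the illustration, and is not MISP's own code or role model.

```python
import secrets
from dataclasses import dataclass

# Hypothetical role model used only for this illustration; not MISP's own.
ROLE_USER = "user"
ROLE_ORG_ADMIN = "org_admin"
ROLE_SITE_ADMIN = "site_admin"


@dataclass(frozen=True)
class User:
    id: int
    org_id: int
    role: str


def can_reset_authkey(actor, target):
    """Decide whether `actor` may reset `target`'s authentication key.

    Site administrators may reset any key. Organization administrators may
    reset keys only inside their own organization and never for a site
    administrator; omitting that last condition is what lets an org admin
    take over a site admin account. Everyone else may reset only their own key.
    """
    if actor.id == target.id:
        return True
    if actor.role == ROLE_SITE_ADMIN:
        return True
    if actor.role == ROLE_ORG_ADMIN:
        same_org = actor.org_id == target.org_id
        target_is_site_admin = target.role == ROLE_SITE_ADMIN
        return same_org and not target_is_site_admin
    return False


def reset_authkey(actor, target, authkeys):
    """Rotate the target's key if permitted; return the new key or raise PermissionError."""
    if not can_reset_authkey(actor, target):
        raise PermissionError(f"user {actor.id} may not reset the key of user {target.id}")
    new_key = secrets.token_hex(20)  # 40 hex characters, generated with a CSPRNG
    authkeys[target.id] = new_key
    return new_key


if __name__ == "__main__":
    site_admin = User(id=1, org_id=1, role=ROLE_SITE_ADMIN)
    org_admin = User(id=2, org_id=1, role=ROLE_ORG_ADMIN)
    member = User(id=4, org_id=1, role=ROLE_USER)
    print(can_reset_authkey(org_admin, member))      # True
    print(can_reset_authkey(org_admin, site_admin))  # False
```

Keeping the decision in one function rather than inline in the controller makes the rule easy to unit test and to audit, and a denied reset attempt against a site administrator account is worth alerting on, since a legitimate org admin has no reason to send it.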


3) Input validation error (CVE-ID: N/A)

CWE-ID: CWE-20 - Improper Input Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to cause integrity issues or unexpected behavior.

The vulnerability exists due to improper input validation in the Collection uuid field when creating or modifying Collection records. A remote user can submit malformed UUID values to cause integrity issues or unexpected behavior.
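A UUID field that is stored as an identifier needs stricter validation than "the parser accepted it": Python's `uuid.UUID()`, for instance, also accepts braces, a `urn:uuid:` prefix and the un-hyphenated 32-character form, so the same record could be written under several spellings or with a value no other system will match. The following added example validates a Collection `uuid` down to exactly the canonical lowercase 8-4-4-4-12 form before the record is stored; the in-memory `store` dictionary and the `create_collection` function are constructed for the illustration and are not MISP's data model or code.

```python
import uuid


def normalize_uuid(value):
    """Return the canonical lowercase UUID string, or None if `value` is not
    exactly one canonical hyphenated 36-character UUID.

    uuid.UUID() on its own is too lenient for a stored identifier: it also
    accepts braces, a 'urn:uuid:' prefix and the form without hyphens, so the
    same record could be submitted under several different spellings.
    """
    if not isinstance(value, str):
        return None
    if len(value) != 36:
        return None
    try:
        parsed = uuid.UUID(value)
    except ValueError:
        return None
    # Round-trip check: only the canonical hyphenated form survives unchanged
    # (upper-case hex is accepted and normalized to lower-case).
    if str(parsed) != value.lower():
        return None
    return str(parsed)


def create_collection(store, name, uuid_value):
    """Store a Collection record under its canonical UUID; reject malformed or duplicate UUIDs."""
    canonical = normalize_uuid(uuid_value)
    if canonical is None:
        raise ValueError(f"invalid uuid: {uuid_value!r}")
    if canonical in store:
        raise ValueError(f"duplicate uuid: {canonical}")
    store[canonical] = {"name": name, "uuid": canonical}
    return canonical


if __name__ == "__main__":
    # Constructed sample value for the demonstration.
    sample = "123e4567-e89b-12d3-a456-426614174000"
    print(normalize_uuid(sample.upper()))             # 123e4567-e89b-12d3-a456-426614174000
    print(normalize_uuid("{" + sample + "}"))         # None
    print(normalize_uuid(sample.replace("-", "")))    # None
    collections = {}
    print(create_collection(collections, "c1", sample))  # 123e4567-e89b-12d3-a456-426614174000
```

Normalizing to one canonical form at the boundary, and keying the store on that form, is what prevents the integrity problems the bulletin mentions: two requests that differ only in case or punctuation resolve to the same record instead of creating near-duplicates that other components then fail to match.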


Remediation

Install update from vendor's website.