Main Vulnerability Database Vulnerabilities #VU125765

LDAP injection in MISP - CVE-2026-39962

Published: April 10, 2026

Vulnerability identifier: #VU125765

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2026-39962

CWE-ID: CWE-90

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: misp-project.org

Affected software:
MISP

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication constraints or cause unauthorized LDAP queries.

The vulnerability exists due to improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php when processing an unsanitized username value from a user-controlled Apache environment variable. A remote attacker can manipulate that value to bypass authentication constraints or cause unauthorized LDAP queries.

Exploitation requires ApacheAuthenticate.apacheEnv to be configured to use a user-controlled server variable instead of REMOTE_USER, such as in certain proxy setups.

How to mitigate CVE-2026-39962

Install security update from vendor's website.

Sources

https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63

LDAP injection in MISP - CVE-2026-39962

Detailed vulnerability description

How to mitigate CVE-2026-39962

Sources

Please verify you're human