Main Vulnerability Database Vulnerabilities #VU125765

#VU125765 LDAP injection in MISP - CVE-2026-39962

Published: April 10, 2026

Vulnerability identifier: #VU125765

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2026-39962

CWE-ID: CWE-90

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MISP

Software vendor:
misp-project.org

Description

The vulnerability allows a remote attacker to bypass authentication constraints or cause unauthorized LDAP queries.

The vulnerability exists due to improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php when processing an unsanitized username value from a user-controlled Apache environment variable. A remote attacker can manipulate that value to bypass authentication constraints or cause unauthorized LDAP queries.

Exploitation requires ApacheAuthenticate.apacheEnv to be configured to use a user-controlled server variable instead of REMOTE_USER, such as in certain proxy setups.

Remediation

Install security update from vendor's website.

External links

https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63

#VU125765 LDAP injection in MISP - CVE-2026-39962

Description

Remediation

External links

Please verify you're human