SQL injection in MISP - #VU128494

Published: April 30, 2026


Vulnerability identifier: #VU128494
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: misp-project.org
Affected software:
MISP

Detailed vulnerability description

The vulnerability allows a remote user to manipulate SQL queries and potentially disclose sensitive information or modify query behavior.

The vulnerability exists due to SQL injection in the event and shadow attribute listing endpoints when handling user-controlled ordering parameters. A remote user can send a specially crafted ordering parameter to manipulate SQL queries and potentially disclose sensitive information or modify query behavior.

Depending on database permissions and query context, exploitation may have other database-level impact.
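The class of defect described above is an ordering (ORDER BY) parameter that reaches the SQL text as-is. The example below is added here and is not MISP's code; the `events` table, its columns and the sample rows are constructed for illustration. It shows the vulnerable pattern (the parameter is concatenated into the query) next to the hardened pattern (the column and direction are checked against an allowlist before any SQL is built), and runs the hardened listing query against an in-memory SQLite database.

```python
from __future__ import annotations

import sqlite3

# Allowlist of columns a caller may sort the event listing by. These names are
# constructed for this example and are not MISP's real schema.
ALLOWED_ORDER_COLUMNS = {"id", "date", "info", "threat_level_id"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def build_unsafe_query(order: str) -> str:
    """The vulnerable pattern: the user-controlled ordering parameter is pasted
    straight into the SQL text, so anything the caller sends becomes SQL."""
    return f"SELECT id, info FROM events ORDER BY {order}"


def parse_order_param(order: str) -> tuple[str, str]:
    """Validate a user-supplied '<column> [ASC|DESC]' string.

    Raises ValueError for anything that is not exactly one allowlisted column
    followed by an optional ASC/DESC, so no caller-supplied text ever reaches
    the ORDER BY clause. Identifiers cannot be bound as query parameters, which
    is why an allowlist rather than a placeholder is the right fix here.
    """
    parts = order.strip().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("order must be '<column> [ASC|DESC]'")
    column = parts[0]
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"unknown order column: {column!r}")
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"unknown order direction: {direction!r}")
    return column, direction


def build_safe_query(order: str) -> str:
    """The hardened pattern: only allowlisted identifiers are interpolated."""
    column, direction = parse_order_param(order)
    return f"SELECT id, info FROM events ORDER BY {column} {direction}"


def order_param_is_valid(order: str) -> bool:
    """True if the allowlist accepts the value; handy for checking logged requests."""
    try:
        parse_order_param(order)
    except ValueError:
        return False
    return True


def _sample_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an event listing."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER, date TEXT, info TEXT, threat_level_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO events VALUES (?, ?, ?, ?)",
        [
            (1, "2026-01-05", "phishing campaign", 2),
            (2, "2026-02-11", "malware sample", 1),
            (3, "2026-03-20", "scanning activity", 3),
        ],
    )
    return conn


def list_event_ids(order: str) -> list[int]:
    """Run the hardened listing query and return event ids in the requested order."""
    conn = _sample_db()
    try:
        rows = conn.execute(build_safe_query(order)).fetchall()
    finally:
        conn.close()
    return [row[0] for row in rows]


if __name__ == "__main__":
    print(build_unsafe_query("date DESC"))   # same text for a benign value...
    print(build_safe_query("date DESC"))     # ...but only the safe one rejects anything else
    print(list_event_ids("threat_level_id DESC"))
    for value in ("date DESC", "password", "date DESC extra"):
        print(repr(value), "accepted" if order_param_is_valid(value) else "rejected")
```

Because an ORDER BY column is an identifier, not a value, it cannot be passed as a bound parameter; the allowlist is the standard mitigation for this CWE-89 variant, and the same check can be applied to stored request logs to spot ordering values that would have been rejected.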


Remediation

Install the security update from the vendor's website.

Sources