Known Vulnerabilities for Misp by Misp-project
Listed below are 10 of the newest known vulnerabilities associated with "Misp" by "Misp-project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-62143 json | A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-61474 json | An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add ... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-60125 json | MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enfor... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-60124 json | An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with e... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-56447 json | MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MIS... | Not Provided | 2026-06-22 | 2026-06-22 |
| CVE-2026-56446 json | MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Bec... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-56425 json | Not Provided | 2026-06-22 | 2026-06-26 | |
| CVE-2026-56424 json | MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, ... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-56423 json | MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affect... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-56422 json | Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) an... | Not Provided | 2026-06-22 | 2026-06-22 |