Known Vulnerabilities for products from Misp-project

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Misp-project".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-56447 json MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MIS... Not Provided 2026-06-22 2026-06-23
CVE-2026-56446 json MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Bec... Not Provided 2026-06-22 2026-06-23
CVE-2026-56425 json The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization f... Not Provided 2026-06-22 2026-06-26
CVE-2026-56424 json MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, ... Not Provided 2026-06-22 2026-06-23
CVE-2026-56423 json MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affect... Not Provided 2026-06-22 2026-06-23
CVE-2026-44381 json MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in th... Not Provided 2026-05-13 2026-06-22
CVE-2026-44380 json MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in... Not Provided 2026-05-13 2026-06-22
CVE-2026-44379 json MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 U... Not Provided 2026-05-13 2026-06-22
CVE-2026-39962 json MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements... Not Provided 2026-04-09 2026-06-22
CVE-2026-10864 json A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence whi... Not Provided 2026-06-04 2026-06-22
CVE-2026-10863 json A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from us... Not Provided 2026-06-04 2026-06-22
CVE-2026-10861 json An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_r... Not Provided 2026-06-04 2026-06-22
CVE-2026-10860 json A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTT... Not Provided 2026-06-04 2026-06-22
CVE-2026-10856 json A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local pa... Not Provided 2026-06-04 2026-06-22
CVE-2026-10855 json An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in ove... Not Provided 2026-06-04 2026-06-22
CVE-2026-10854 json A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies be... Not Provided 2026-06-04 2026-06-22
CVE-2026-10611 json An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In depl... Not Provided 2026-06-02 2026-06-22
CVE-2026-9137 json The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB befor... Not Provided 2026-05-20 2026-06-22
CVE-2026-9136 json A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled Sha... Not Provided 2026-05-20 2026-06-22
CVE-2026-8080 json Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stor... Not Provided 2026-05-07 2026-06-22

Known software with vulnerabilities from Misp-project

Type Vendor Product Version
ApplicationMisp-projectMalware Information Sharing Platform0.1
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report