CVE-2026-61474: An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing_group_id without triggerin
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing_group_id without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly set to 4 — “sharing group”.
As a result, a user could reference or associate an attribute with a sharing group they were not authorized to use. This could lead to an access-control bypass affecting the integrity of attribute sharing metadata and potentially expose or misuse restricted sharing group relationships.
The patch changes the authorization logic so that the sharing group permission check is performed whenever a non-empty sharing_group_id is provided, regardless of the selected distribution value.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-61474
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-614740.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 15% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-61474 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
Recent advisories for An improper authorization
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- mediumCVE-2026-61441: PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue d…nvd · 2026-07-10
- highCVE-2026-40452: Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization …nvd · 2026-07-10
- unknownCVE-2026-21056: Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to…nvd · 2026-07-10
- unknownCVE-2026-21044: Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attack…nvd · 2026-07-10
- highCVE-2026-31309: Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0…nvd · 2026-07-08
- mediumCVE-2026-59253: n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated user…nvd · 2026-07-08
More from NVD Recent CVEs
- unknownCVE-2026-57828: The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload t…2026-07-11
- unknownCVE-2026-57827: The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that al…2026-07-11
- highCVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized m…2026-07-11
- highCVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up…2026-07-11
- mediumCVE-2026-9017: The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to autho…2026-07-11