CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0213 [1.00] [M/H] Vulnerabilities fixed in MISP platform

unknownCVE-2026-56422CVE-2026-56423CVE-2026-56424CVE-2026-56425CVE-2026-56446CVE-2026-56447
MISP has fixed multiple vulnerabilities in the MISP platform. The vulnerabilities include manipulating client-supplied primary and foreign keys by authenticated users, leading to unauthorized data overwriting, ownership transfer, and modification of record scopes. Furthermore, there was inadequate access control during bulk deletion of Event Reports and Sharing Groups, allowing users with broad role rights to delete items from other organizations. There were also multiple access control issues that allowed unauthorized changes or deletions across organizational boundaries. Additionally, the platform contained a vulnerability where authenticated site administrators could set the NDJSON error log path to a web-accessible PHP file, leading to remote code execution via injected PHP code in log files. Furthermore, authenticated administrators could specify arbitrary Kafka configuration files, enabling arbitrary code execution by loading malicious libraries. These vulnerabilities have been mitigated by implementing server-side validation, strict authorization controls, restrictions on log path configurations, and enforcing allowed locations for configuration files.

CSIRTS triage

What
Authenticated users can manipulate keys and access controls, leading to unauthorized data changes and remote code execution.
Who is affected
Authenticated users of the MISP platform with specific roles.
Urgency
Remediation is urgent due to the potential for remote code execution and unauthorized data manipulation.
Action
Update to the latest version of MISP to mitigate these vulnerabilities.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch MISP

Get an email when a new MISP advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-29
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0213

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-56422coverage & exploitation statusNVD · CVE.org
CVE-2026-56423coverage & exploitation statusNVD · CVE.org
CVE-2026-56424coverage & exploitation statusNVD · CVE.org
CVE-2026-56425coverage & exploitation statusNVD · CVE.org
CVE-2026-56446coverage & exploitation statusNVD · CVE.org
CVE-2026-56447coverage & exploitation statusNVD · CVE.org

More from NCSC-NL Advisories