NCSC-2026-0213 [1.00] [M/H] Vulnerabilities fixed in MISP platform
MISP has fixed multiple vulnerabilities in the MISP platform. The vulnerabilities include manipulating client-supplied primary and foreign keys by authenticated users, leading to unauthorized data overwriting, ownership transfer, and modification of record scopes. Furthermore, there was inadequate access control during bulk deletion of Event Reports and Sharing Groups, allowing users with broad role rights to delete items from other organizations. There were also multiple access control issues that allowed unauthorized changes or deletions across organizational boundaries. Additionally, the platform contained a vulnerability where authenticated site administrators could set the NDJSON error log path to a web-accessible PHP file, leading to remote code execution via injected PHP code in log files. Furthermore, authenticated administrators could specify arbitrary Kafka configuration files, enabling arbitrary code execution by loading malicious libraries. These vulnerabilities have been mitigated by implementing server-side validation, strict authorization controls, restrictions on log path configurations, and enforcing allowed locations for configuration files.
CSIRTS triage
- What
- Authenticated users can manipulate keys and access controls, leading to unauthorized data changes and remote code execution.
- Who is affected
- Authenticated users of the MISP platform with specific roles.
- Urgency
- Remediation is urgent due to the potential for remote code execution and unauthorized data manipulation.
- Action
- Update to the latest version of MISP to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch MISP
Get an email when a new MISP advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0213
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-564220.36% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 28% of all scored CVEs.
- Low exploitation riskCVE-2026-564230.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-564240.36% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 28% of all scored CVEs.
- Low exploitation riskCVE-2026-564250.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-564460.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2026-564470.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-56422 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56423 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56424 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56425 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56446 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56447 | coverage & exploitation status | NVD · CVE.org |
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03