CVE-2026-56422
MISP has fixed multiple vulnerabilities in the MISP platform. The vulnerabilities include manipulating client-supplied primary and foreign keys by authenticated users, leading to unauthorized data overwriting, ownership transfer, and modification of record scopes. Furthermore, there was inadequate access control during bulk deletion of Event Reports and Sharing Groups, allowing users with broad role rights to delete items from other organizations. There were also multiple access control issues that allowed unauthorized changes or deletions across organizational boundaries. Additionally, the platform contained a vulnerability where authenticated site administrators could set the NDJSON error log path to a web-accessible PHP file, leading to remote code execution via injected PHP code in log files. Furthermore, authenticated administrators could specify arbitrary Kafka configuration files, enabling arbitrary code execution by loading malicious libraries. These vulnerabilities have been mitigated by implementing server-side validation, strict authorization controls, restrictions on log path configurations, and enforcing allowed locations for configuration files.
CSIRTS triage
- What
- Authenticated users can manipulate keys and access controls, leading to unauthorized data changes and remote code execution.
- Who is affected
- Authenticated users of the MISP platform with specific roles.
- Urgency
- Remediation is urgent due to the potential for remote code execution and unauthorized data manipulation.
- Action
- Update to the latest version of MISP to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-56422
Get an email if CVE-2026-56422 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.36% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 28% of all EPSS-scored CVEs.
Advisory coverage (1)
- unknownNCSC-2026-0213 [1.00] [M/H] Vulnerabilities fixed in MISP platformncsc-nl · 2026-06-29
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-56422)