CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-56423

unknowncovered by 1 sourcefirst seen 2026-06-29
MISP has fixed multiple vulnerabilities in the MISP platform. The vulnerabilities include manipulating client-supplied primary and foreign keys by authenticated users, leading to unauthorized data overwriting, ownership transfer, and modification of record scopes. Furthermore, there was inadequate access control during bulk deletion of Event Reports and Sharing Groups, allowing users with broad role rights to delete items from other organizations. There were also multiple access control issues that allowed unauthorized changes or deletions across organizational boundaries. Additionally, the platform contained a vulnerability where authenticated site administrators could set the NDJSON error log path to a web-accessible PHP file, leading to remote code execution via injected PHP code in log files. Furthermore, authenticated administrators could specify arbitrary Kafka configuration files, enabling arbitrary code execution by loading malicious libraries. These vulnerabilities have been mitigated by implementing server-side validation, strict authorization controls, restrictions on log path configurations, and enforcing allowed locations for configuration files.

CSIRTS triage

What
Authenticated users can manipulate keys and access controls, leading to unauthorized data changes and remote code execution.
Who is affected
Authenticated users of the MISP platform with specific roles.
Urgency
Remediation is urgent due to the potential for remote code execution and unauthorized data manipulation.
Action
Update to the latest version of MISP to mitigate these vulnerabilities.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-56423

Get an email if CVE-2026-56423 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-56423

CVE.org record

Embed the live status

CVE-2026-56423 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-56423 status](https://www.csirts.com/badge/CVE-2026-56423)](https://www.csirts.com/cve/CVE-2026-56423)