Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

MISP — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting MISP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MISP is an open-source threat intelligence platform designed for sharing cyber threat information between organizations. Historically, vulnerabilities in MISP have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or access control issues. The platform's security characteristics emphasize collaborative information sharing, though past incidents have highlighted risks in default configurations and plugin vulnerabilities. With 9 CVEs on record, MISP remains widely adopted for threat intelligence sharing, requiring proper hardening and regular updates to mitigate potential exploitation risks. Organizations should implement strict access controls and validate all shared data to prevent misuse.

Found 15 results / 17Clear Filters
Top products by MISP: MISP misp-modules
CVE IDTitleCVSSSeverityPublished
CVE-2026-9137 CSP Report Endpoint Log Flooding via Incorrect Size Limit — mispCWE-400--2026-05-20
CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier — mispCWE-639--2026-05-20
CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations — mispCWE-287--2026-05-20
CVE-2026-44379 MISP: Improper UUID validation in MISP Collections — MISPCWE-20--2026-05-13
CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator — MISPCWE-863--2026-05-13
CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings — MISPCWE-89--2026-05-13
CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type — mispCWE-79 5.4AIMediumAI2026-05-07
CVE-2026-39962 LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable — MISPCWE-90 8.2AIHighAI2026-04-09
CVE-2025-67906 MISP 安全漏洞 — MISPCWE-79 5.4 Medium2025-12-15
CVE-2025-66386 MISP 安全漏洞 — MISPCWE-23 4.1 Medium2025-11-28
CVE-2025-66384 MISP 安全漏洞 — MISPCWE-684 8.2 High2025-11-28
CVE-2024-58128 MISP 安全漏洞 — MISPCWE-79 5.5 Medium2025-03-28
CVE-2024-58129 MISP 安全漏洞 — MISPCWE-79 5.5 Medium2025-03-28
CVE-2024-58130 MISP 安全漏洞 — MISPCWE-79 7.2 High2025-03-28
CVE-2024-57969 MISP 安全漏洞 — MISPCWE-863 4.3 Medium2025-02-14

This page lists every published CVE security advisory associated with MISP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.