Browse all 9 CVE security advisories affecting misp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MISP is an open-source threat intelligence platform designed for sharing cyber threat information between organizations. Historically, vulnerabilities in MISP have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or access control issues. The platform's security characteristics emphasize collaborative information sharing, though past incidents have highlighted risks in default configurations and plugin vulnerabilities. With 9 CVEs on record, MISP remains widely adopted for threat intelligence sharing, requiring proper hardening and regular updates to mitigate potential exploitation risks. Organizations should implement strict access controls and validate all shared data to prevent misuse.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-8080 | MISP core - Stored XSS in MISP template (old engine) element attribute type — mispCWE-79 | 5.4AI | MediumAI | 2026-05-07 |
| CVE-2026-39962 | LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable — MISPCWE-90 | 8.2AI | HighAI | 2026-04-09 |
| CVE-2025-67906 | MISP 安全漏洞 — MISPCWE-79 | 5.4 | Medium | 2025-12-15 |
| CVE-2025-66386 | MISP 安全漏洞 — MISPCWE-23 | 4.1 | Medium | 2025-11-28 |
| CVE-2025-66384 | MISP 安全漏洞 — MISPCWE-684 | 8.2 | High | 2025-11-28 |
| CVE-2024-58128 | MISP 安全漏洞 — MISPCWE-79 | 5.5 | Medium | 2025-03-28 |
| CVE-2024-58129 | MISP 安全漏洞 — MISPCWE-79 | 5.5 | Medium | 2025-03-28 |
| CVE-2024-58130 | MISP 安全漏洞 — MISPCWE-79 | 7.2 | High | 2025-03-28 |
| CVE-2024-57969 | MISP 安全漏洞 — MISPCWE-863 | 4.3 | Medium | 2025-02-14 |
This page lists every published CVE security advisory associated with misp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.