CVE-2026-10860
Essential information
- Published
- 04/06/2026 15:16
- Modified
- 04/06/2026 15:19
- Author
- —
- Creator
- —
- CVSS
- 7.9 HIGH (v3) 7.9 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- NONE
- Confidentiality (S)
- HIGH
- Integrity (V)
- LOW
- Integrity (S)
- HIGH
- Availability (V)
- LOW
- Availability (S)
- HIGH
- Exploit maturity
- NOT_DEFINED
Description
A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as ($validationError === null && POST) || DELETE, meaning a DELETE request could proceed even when the delete validation callback had rejected the operation. An authenticated attacker with access to an affected delete endpoint could abuse this flaw to delete records that should have been protected by application-level validation or authorization checks.
NVD status
- Status
- Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 5a6e4751-2f3f-4070-9419-94fb35b644e8
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| misp / misp | cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:* |