CVE-2026-44364

216.73.217.22

· Published 13/05/2026 20:16 · Modified 14/05/2026 16:54

Labels: CVE-2026-44364 2026-05-13 CVE-2026-44364 CWE-352 [email protected]

Essential information

Published: 13/05/2026 20:16
Modified: 14/05/2026 16:54
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
misp / misp	`cpe:2.3:a:misp:misp::<3.0.7>::::::*`