216.73.216.6

CVE-2026-44380

· Published 13/05/2026 21:16 · Modified 14/05/2026 16:57

Labels: CVE-2026-44380 2026-05-13CVE-2026-44380CWE-863[email protected]

Essential information

Published
13/05/2026 21:16
Modified
14/05/2026 16:57
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within the same organization. Because non-site administrators were not explicitly prevented from accessing or resetting site administrator auth keys, an attacker with organization administrator privileges could potentially obtain a newly generated auth key for a higher-privileged account and use it to escalate privileges. This vulnerability is fixed in 2.5.37.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
misp / misp cpe:2.3:a:misp:misp:<2.5.37:*:*:*:*:*:*:*

References