PatchSiren

CVE-2026-39962 MISP CVE debrief

CVE-2026-39962 is a high-severity (CVSS 8.8) LDAP injection vulnerability in MISP (Malware Information Sharing Platform), the open-source threat intelligence and sharing platform. The issue, fixed in version 2.5.36, arises from improper neutralization of special elements in an LDAP query within the ApacheAuthenticate.php file. An attacker who controls the username value can manipulate the LDAP search filter when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable. Defenders should prioritize patching MISP instances to limit exposure to potential LDAP injection attacks.

Vendor: MISP
Product: Unknown
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-09
Original CVE updated: 2026-06-22
Advisory published: 2026-04-09
Advisory updated: 2026-06-22

Who should care

Organizations using MISP for threat intelligence and sharing should prioritize patching to version 2.5.36 or later. Security teams responsible for MISP instances, especially those using Apache authentication with user-controlled server variables, must assess their exposure and apply the fix. This vulnerability could allow attackers to bypass authentication constraints or cause unauthorized LDAP queries, potentially leading to unauthorized access or data leakage.

Technical summary

CVE-2026-39962 is caused by improper neutralization of special elements in an LDAP query. Specifically, ApacheAuthenticate.php does not properly sanitize the username value before using it in an LDAP search filter. When ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable, an attacker can inject LDAP filter syntax through that value, potentially bypassing authentication or performing unauthorized LDAP queries. The vulnerability is addressed in MISP version 2.5.36.
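
The neutralization step this class of bug lacks, shown as an added example that is not code from MISP or from its 2.5.36 patch: a username is placed into a search filter with and without RFC 4515 escaping, and a structural check shows when the filter shape has changed. The filter template, attribute names, function names and sample usernames are assumptions constructed for illustration.

```php
<?php
// Added illustration; not MISP source code. The filter template, attribute
// names and sample usernames below are constructed for this example.

/** RFC 4515 escaping for a value placed inside a search-filter assertion. */
function escape_filter_value(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER); // PHP ldap extension
    }
    // Fallback without the extension: escape the backslash first, then the rest.
    return str_replace(
        ['\\', '*', '(', ')', "\0"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

/** The 'before' pattern: the value is concatenated into the filter as-is. */
function build_filter_unsafe(string $username): string
{
    return '(&(objectClass=person)(uid=' . $username . '))';
}

/** The hardened pattern: the value is escaped before it reaches the filter. */
function build_filter_safe(string $username): string
{
    return '(&(objectClass=person)(uid=' . escape_filter_value($username) . '))';
}

/** This template must yield exactly three '(' and ')' and no bare '*'. */
function structure_intact(string $filter): bool
{
    return substr_count($filter, '(') === 3
        && substr_count($filter, ')') === 3
        && strpos($filter, '*') === false;
}

foreach (['alice', 'al*', 'o(brien)'] as $name) {   // constructed inputs
    $unsafe = build_filter_unsafe($name);
    $safe   = build_filter_safe($name);
    printf("%-9s unsafe %-40s intact=%s\n", $name, $unsafe, structure_intact($unsafe) ? 'yes' : 'no');
    printf("%-9s safe   %-40s intact=%s\n", $name, $safe, structure_intact($safe) ? 'yes' : 'no');
}
```

With escaping, every input leaves the filter with the same three components; without it, any value containing a filter metacharacter alters the query the directory server evaluates.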

Defensive priority

High priority, due to the potential for authentication bypass and unauthorized LDAP queries.

Recommended defensive actions

  • Inventory MISP instances and verify current version
  • Review official advisories and patch notes for MISP version 2.5.36
  • Apply the patch by updating MISP to version 2.5.36 or later
  • Review Apache configuration for user-controlled server variables
  • Monitor for suspicious LDAP query activity

Evidence notes

The CVE-2026-39962 vulnerability is confirmed by the CVE record and NVD details. The issue is caused by improper neutralization of special elements in an LDAP query in the ApacheAuthenticate.php file of MISP. The vulnerability is fixed in version 2.5.36. Defenders should verify their MISP version and apply the patch. Evidence is based on official CVE and NVD sources, as well as vendor references.

This article is AI-assisted and based on the supplied source corpus.