CVE-2026-44379 MISP CVE debrief

Who should care

Defenders responsible for MISP installations, particularly those with user access to create or modify Collection records, should prioritize patching to version 2.5.37 or later. This vulnerability, while not highly severe, could lead to integrity issues or unexpected behavior if exploited. Reviewing user access controls and ensuring proper validation of UUIDs in MISP Collections is crucial.

Technical summary

The vulnerability (CVE-2026-44379) exists in MISP Collections due to a lack of RFC 4122 UUID validation on the uuid field in versions prior to 2.5.37. This allows users with create or modify permissions on Collection records to submit malformed UUIDs, potentially causing system instability or unexpected behavior. The issue is addressed in MISP version 2.5.37, which enforces proper UUID validation.

Defensive priority

Medium priority due to potential for integrity issues and unexpected behavior with user-level access

Recommended defensive actions

• Inventory MISP installations and identify versions prior to 2.5.37
• Review user access controls for MISP Collections and restrict create/modify permissions as needed
• Apply the patch to upgrade MISP to version 2.5.37 or later
• Verify UUID validation is properly enforced post-patching
• Monitor for unusual activity or errors related to Collection UUIDs

Evidence notes

The CVE-2026-44379 vulnerability was publicly disclosed on May 13, 2026, and details were last modified on June 22, 2026. The vulnerability affects MISP versions prior to 2.5.37. Primary evidence includes the official CVE record and details from the NVD. Defenders should verify MISP version and user access controls, and review official advisories for additional information.

Official resources