PatchSiren cyber security CVE debrief
CVE-2026-54359 misp CVE debrief
CVE-2026-54359 is a HIGH severity vulnerability with a CVSS score of 7.1. The vulnerability exists in MISP due to an insecure default configuration where the Security.check_sec_fetch_site_header control is disabled. This allows a remote unauthenticated attacker to craft a malicious web page that causes an authenticated MISP user’s browser to issue cross-site requests to MISP automation endpoints. Successful exploitation could allow unauthorized modification of MISP data or configuration with the privileges of the victim user.
- Vendor: misp
- Product: Unknown
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Operators of MISP deployments should be aware of this vulnerability, especially those with multi-homed deployments.
Technical summary
The vulnerability is caused by the disabled Security.check_sec_fetch_site_header control in MISP's default configuration. This control restricts state-changing requests such as POST, PUT, or AJAX requests based on the browser-provided Sec-Fetch-Site header. Without this restriction, an attacker can forge requests that may be processed with the privileges of the victim user.
Defensive priority
High
Recommended defensive actions
- Enable the Security.check_sec_fetch_site_header control to mitigate this issue.
- Validate the setting before enforcing it, especially for multi-homed MISP deployments.
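The following is an added illustration of the kind of check the Security.check_sec_fetch_site_header control performs, written from scratch for this debrief rather than taken from MISP's code base: state-changing methods are gated on the browser-supplied Sec-Fetch-Site header, and a dry-run mode logs would-be rejections so a multi-homed deployment can validate the effect before enforcing it. Function names, the set of trusted header values and the sample requests are assumptions.

```python
# Illustrative Sec-Fetch-Site gate for state-changing requests.
# Hypothetical code, not MISP's own implementation; it mirrors the control
# described in the debrief and adds a dry-run mode for pre-enforcement checks.
import logging

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
# Fetch Metadata values that do not indicate a cross-site origin:
# same-origin, same-site, or a direct user navigation ("none").
TRUSTED_SITES = {"same-origin", "same-site", "none"}

log = logging.getLogger("sec_fetch_site_gate")


def classify(method: str, headers: dict) -> str:
    """Return 'allow', 'block' or 'missing' for one request.

    'missing' covers clients that send no Sec-Fetch-Site header at all
    (older browsers, scripted API clients using a key); how to treat them is
    a deployment decision, so they are reported separately from cross-site.
    """
    if method.upper() not in STATE_CHANGING:
        return "allow"  # reads are not what this control protects
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = lowered.get("sec-fetch-site")
    if value is None:
        return "missing"
    if value.strip().lower() in TRUSTED_SITES:
        return "allow"
    return "block"  # cross-site (or unrecognised) origin for a write


def gate(method: str, headers: dict, enforce: bool) -> bool:
    """Return True if the request may proceed.

    With enforce=False (dry run) nothing is rejected; would-be blocks are
    logged so legitimate traffic that arrives as cross-site in a multi-homed
    deployment can be found before the control is switched on.
    """
    verdict = classify(method, headers)
    if verdict == "block":
        log.warning("cross-site %s request%s", method,
                    "" if enforce else " [dry-run, allowed]")
        return not enforce
    return True


# Constructed sample requests: a same-origin write, a cross-site write as a
# malicious page would trigger, a cross-site read, and a headerless client.
SAMPLES = [("POST", {"Sec-Fetch-Site": "same-origin"}),
           ("POST", {"Sec-Fetch-Site": "cross-site"}),
           ("GET", {"Sec-Fetch-Site": "cross-site"}),
           ("PUT", {})]

if __name__ == "__main__":
    for m, h in SAMPLES:
        print(m, h, "->", classify(m, h), "proceed:", gate(m, h, enforce=True))
```

Run it once with enforce=False against real traffic logs to list the cross-site writes that would be rejected, then switch to enforce=True.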
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. A source reference is available on GitHub, detailing a commit related to this issue.
Official resources
- CVE-2026-54359 CVE record (CVE.org)
- CVE-2026-54359 NVD detail (NVD)
- Source reference: 5a6e4751-2f3f-4070-9419-94fb35b644e8
CVE-2026-54359 was published and modified on 2026-06-12T20:16:47.843Z.