CVE-2026-54398 misp CVE debrief

Who should care

Users of MISP (Malware Information Sharing Platform) who have object editing permissions are potentially affected by this vulnerability.

Technical summary

The vulnerability arises from an authorization flaw in MISP's object add/edit handling. Specifically, when editing objects, the sharing group validation is performed against the wrong request data structure after object fields have been merged to the top level, causing the check to be bypassed. Additionally, attributes embedded in objects are not individually validated for authorized sharing group use. This allows an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user is not authorized to use or view.

Defensive priority

MEDIUM

Recommended defensive actions

• Apply the patch referenced in [ref-4](https://github.com/MISP/MISP/commit/4fe48c523e66999d65f99fdec9508adb3aa1c0f3) to fix the authorization flaw.
• Restrict object editing permissions to authorized users.
• Monitor MISP instance for suspicious activity related to object and attribute sharing group modifications.

Evidence notes

The CVE-2026-54398 vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. The vulnerability was published and modified on June 12, 2026.

Official resources