PatchSiren cyber security CVE debrief
CVE-2026-56424 misp CVE debrief
CVE-2026-56424 involves multiple broken access-control flaws in the MISP core. These flaws allow lower-privileged authenticated users with relevant feature permissions to perform unauthorized actions, including cross-organization modifications or deletions of MISP data. This could result in integrity loss, unauthorized tampering with shared intelligence, and disruption of analyst workflows. The CVSS score is 7.1, indicating a High severity level. Affected paths include Event Reports tag removal, Collection Elements bulk deletion, Analyst Data capture/update, Template Elements editing, and Decaying Model editing and mappings.
- Vendor
- misp
- Product
- Unknown
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-22
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-22
- Advisory updated
- 2026-06-22
Who should care
Organizations using MISP (Malware Information Sharing Platform) should be aware of this vulnerability. Specifically, administrators and security teams responsible for MISP instances, particularly those with multi-organization sharing, should assess their exposure and take necessary actions. This vulnerability could impact the integrity of shared intelligence and disrupt analyst workflows.
Technical summary
The CVE-2026-56424 vulnerability stems from multiple broken access-control flaws in the MISP core. These flaws occur where authorization checks are performed against the wrong entity or where ownership/editability checks are missing on write paths. A lower-privileged authenticated user with relevant feature permissions could exploit these flaws to authorize one object but mutate another or modify objects that are merely visible rather than editable by the user's organization. Affected paths include Event Reports tag removal, Collection Elements bulk deletion, Analyst Data capture/update, Template Elements editing, and Decaying Model editing and mappings. The CVSS:4.0 vector is AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High priority due to potential for unauthorized cross-organization modifications or deletions of MISP data, leading to integrity loss and disruption of analyst workflows.
Recommended defensive actions
- Inventory and review MISP instances for exposure
- Apply official patches or updates provided by MISP
- Review and restrict feature permissions for lower-privileged users
- Monitor for suspicious activity related to Event Reports, Collection Elements, Analyst Data, Template Elements, and Decaying Models
- Implement compensating controls to limit the impact of unauthorized actions
Evidence notes
Primary evidence comes from the CVE-2026-56424 record and NVD details. The vulnerability affects MISP core, with multiple broken access-control flaws. Evidence limits suggest that specific details about the MISP version and patch levels are not provided. Defenders should verify MISP instance configurations, user permissions, and monitor for suspicious activity related to affected paths.
Official resources
-
CVE-2026-56424 CVE record
CVE.org
-
CVE-2026-56424 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
-
Source reference
5a6e4751-2f3f-4070-9419-94fb35b644e8
This article is AI-assisted and based on the supplied source corpus.