CVE-2026-44364

CRITICAL SEVERITY

Vulnerability Description

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.

Vulnerability Details

Published Date

May 06, 2026

Last Modified

May 14, 2026

CWE ID

CWE-352

Source

GitHub

Vendor

pip

Product

misp-modules

External References

https://github.com/MISP/misp-modules/security/advisories/GHSA-j4rh-7jcr-qm69
https://github.com/MISP/misp-modules/commit/52cda9caa003cafe87e14ae3721db5e16f6f111a
https://github.com/advisories/GHSA-j4rh-7jcr-qm69

CVE-2026-44364

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment