CVE-2026-44363

UNKNOWN 0.0

Unsafe remote resource fetching in expansion misp-modules

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally, the qrcode module disabled TLS certificate verification when retrieving remote images, exposing requests to potential man-in-the-middle interception or response tampering. The issue was fixed by validating URL schemes, blocking local and private address ranges, resolving hostnames before fetching, enforcing request timeouts, and re-enabling TLS certificate verification. This vulnerability is fixed in 3.0.7.

CWE	CWE-295 CWE-918
Vendor	misp
Product	misp-modules
Published	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for misp misp-modules

Be the first to know when new unknown vulnerabilities affecting misp misp-modules are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MISP / misp-modules

< 3.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/MISP/misp-modules/security/advisories/GHSA-fhq3-2gf3-8f3j github.com: https://github.com/MISP/misp-modules/commit/01a522f2772fc31eeed379ccf23750c8a3d401db