CVE-2026-44364
misp-modules website - Missing CSRF protection in the website home blueprint
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.
| CWE | CWE-352 |
| Vendor | misp |
| Product | misp-modules |
| Published | May 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for misp misp-modules
Be the first to know when new unknown vulnerabilities affecting misp misp-modules are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
MISP / misp-modules
<= 3.0.7