CVE-2026-44380

UNKNOWN 0.0

MISP: Improper access control in auth key reset allows privilege escalation to site administrator

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within the same organization. Because non-site administrators were not explicitly prevented from accessing or resetting site administrator auth keys, an attacker with organization administrator privileges could potentially obtain a newly generated auth key for a higher-privileged account and use it to escalate privileges. This vulnerability is fixed in 2.5.37.

CWE	CWE-863
Vendor	misp
Product	misp
Published	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for misp misp

Be the first to know when new unknown vulnerabilities affecting misp misp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MISP / MISP

< 2.5.37

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/MISP/MISP/security/advisories/GHSA-3939-4g6m-m3hc