CVE-2026-10855
published 2026-06-04CVE-2026-10855: An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application…
PriorityP422medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.15%
5.0th percentile
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization.
Successful exploitation could allow unauthorized modification of another organization’s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite templates across organizations.
The issue was fixed by enforcing an ownership check before overwrite: non-site-admin users may only overwrite templates owned by their own organization.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| misp-project | misp | < 2.5.39 | 2.5.39 |
| misp | misp | <= 2.5.38 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvdv4.05.1MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
MISP up to 2.5.38 Overwrite Mode authorization
vuldb·2026-06-04·CVSS 5.1
CVE-2026-10855 [MEDIUM] MISP up to 2.5.38 Overwrite Mode authorization
A vulnerability marked as problematic has been reported in MISP up to 2.5.38. This affects an unknown part of the component Overwrite Mode. Performing a manipulation results in missing authorization.
This vulnerability is reported as CVE-2026-10855. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
GHSA
An authorization flaw existed in the MISP Event Template Importer overwrite workflow.
ghsa_unreviewed·2026-06-04
CVE-2026-10855 [MEDIUM] CWE-862 An authorization flaw existed in the MISP Event Template Importer overwrite workflow.
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization.
Successful exploitation could allow unauthorized modification of another organization’s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-04
Published