CVE-2026-54358

EPSS 0.23%
Veröffentlicht 12.06.2026 19:34:49
Zuletzt bearbeitet 15.06.2026 20:46:57
Quelle 5a6e4751-2f3f-4070-9419-94fb35
CVE-Watchlists
Login
Unerledigt
Login

MISP organization administrators can target site administrator accounts for password reset

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as initiating a password reset workflow, against a higher-privileged site administrator account in the same organization.

Successful exploitation may allow an authenticated organization administrator to interfere with or potentially take over a site administrator account, resulting in privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability.

Attack prerequisites:
The attacker must be authenticated as an organization administrator in the same organization as a site administrator account.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellermisp

≫

Produkt misp

Default Statusunaffected

Version 0

Version < 2.5.40

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
5a6e4751-2f3f-4070-9419-94fb35b644e8	7.5	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/MISP/MISP/commit/146795489abef478c8f595ecde2501c32482b81e

https://nvd.nist.gov/vuln/detail/CVE-2026-54358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-54358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-54358

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-54358