Description
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.
Published: 2026-05-13
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing CSRF protection check in the home blueprint of MISP modules allows an attacker to craft a request that executes with the credentials of any authenticated user who visits a malicious page. The flaw permits the attacker to submit arbitrary requests to the home endpoint, potentially altering session query data and influencing subsequent actions performed by the compromised user.

Affected Systems

The vulnerability affects the MISP modules library from the MISP project, specifically versions 3.0.7 and earlier. It resides in the website component that renders the modules user interface rather than the core MISP server itself.

Risk and Exploitability

The CVSS score of 9.3 signals a high severity flaw that can result in unauthorized data modification. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Exploitation requires that the victim is already authenticated; an attacker can induce the user to open a crafted URL or click a link, causing the malicious request to be sent automatically. Because the home endpoint lacks CSRF validation, the attack does not need additional technical barriers, making it straightforward for attackers who can trick victims into visiting malicious content.

Generated by OpenCVE AI on May 13, 2026 at 22:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of misp-modules that enables CSRF protection for the home blueprint and hardens query parsing.
  • If an upgrade is not immediately possible, insert a CSRF token validation check on the home route to reject requests that lack a valid token.
  • Apply web application firewall rules to block requests to the home endpoint that do not include a CSRF token.

Generated by OpenCVE AI on May 13, 2026 at 22:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j4rh-7jcr-qm69 misp-modules website - Missing CSRF protection in the website home blueprint
History

Thu, 14 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Misp
Misp misp-modules
Vendors & Products Misp
Misp misp-modules

Wed, 13 May 2026 20:00:00 +0000

Type Values Removed Values Added
Description MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.
Title misp-modules website - Missing CSRF protection in the website home blueprint
Weaknesses CWE-352
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Misp Misp-modules
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-13T19:15:03.368Z

Reserved: 2026-05-05T20:15:20.631Z

Link: CVE-2026-44364

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-13T20:16:23.157

Modified: 2026-05-14T16:54:37.963

Link: CVE-2026-44364

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:33:44Z

Weaknesses