Description
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as initiating a password reset workflow, against a higher-privileged site administrator account in the same organization.

Successful exploitation may allow an authenticated organization administrator to interfere with or potentially take over a site administrator account, resulting in privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability.

Attack prerequisites:
The attacker must be authenticated as an organization administrator in the same organization as a site administrator account.
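As an added illustration (not MISP's own code), the following Python models the recipient-scoping check the description refers to: the vulnerable filter scopes recipients by organization only, the corrected one also excludes accounts holding the site administrator role before any account-management action is allowed. The User record, role names and sample users are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed role labels; MISP's real role model is richer than this.
ROLE_USER = "user"
ROLE_ORG_ADMIN = "org_admin"
ROLE_SITE_ADMIN = "site_admin"


@dataclass(frozen=True)
class User:
    id: int
    email: str
    org_id: int
    role: str


def recipients_vulnerable(actor: User, users: list[User]) -> list[User]:
    """CWE-863 pattern: org admins are limited to their own organization,
    but nothing removes site administrators from the candidate set."""
    if actor.role == ROLE_SITE_ADMIN:
        return list(users)
    if actor.role != ROLE_ORG_ADMIN:
        return []
    return [u for u in users if u.org_id == actor.org_id]


def recipients_fixed(actor: User, users: list[User]) -> list[User]:
    """Same org scope, plus: an org admin may never target a site admin."""
    if actor.role == ROLE_SITE_ADMIN:
        return list(users)
    if actor.role != ROLE_ORG_ADMIN:
        return []
    return [u for u in users
            if u.org_id == actor.org_id and u.role != ROLE_SITE_ADMIN]


def may_initiate_password_reset(actor: User, target: User, users: list[User]) -> bool:
    """Authorization gate for a privileged action: the target must be a
    legitimate recipient under the corrected scoping rule."""
    return any(u.id == target.id for u in recipients_fixed(actor, users))


# Constructed sample directory: one org containing an org admin,
# a plain user and a site admin; a second org with another user.
SAMPLE_USERS = [
    User(1, "orgadmin@example.test", org_id=10, role=ROLE_ORG_ADMIN),
    User(2, "analyst@example.test", org_id=10, role=ROLE_USER),
    User(3, "siteadmin@example.test", org_id=10, role=ROLE_SITE_ADMIN),
    User(4, "outsider@example.test", org_id=20, role=ROLE_USER),
]
ORG_ADMIN, SITE_ADMIN = SAMPLE_USERS[0], SAMPLE_USERS[2]
```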
Published: 2026-06-12
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorization flaw in MISP allows an organization administrator to target and reset passwords for site administrator accounts that belong to the same organization. The recipient query behind the administrative email feature correctly limited organization administrators to users of their own organization, but did not exclude accounts holding the site administrator role, so a higher-privileged account in the same organization could still be selected as a target. Successful exploitation results in compromise of the target account and elevation of the attacker's privileges, potentially giving full control over the MISP instance. The weakness is listed as CWE-863 (Incorrect Authorization).

Affected Systems

The vulnerability impacts the MISP platform (vendor misp). Affected versions are not specified in the advisory, so all released MISP code that includes the legacy organization‑administrator email functionality is potentially vulnerable until patched.

Risk and Exploitability

The base score is 7.5 (CVSS 4.0), indicating high severity. The exploit probability (EPSS) is not publicly available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires the attacker to be authenticated as an organization administrator within the same organization that hosts the targeted site administrator. No access beyond that authenticated user's own rights is needed, making this a direct privilege-escalation scenario rather than remote code execution. The risk remains high because gaining site-admin control compromises the confidentiality, integrity, and availability of the entire MISP deployment.

Generated by OpenCVE AI on June 12, 2026 at 21:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest MISP release or the specific patch referenced by the commit 146795489abef478c8f595ecde2501c32482b81e to remove the authorization flaw.
  • Conduct a permissions audit to ensure that site‑administrator accounts are not exposed to organization‑level administrators and enforce strict role separation.
  • Check the MISP vendor’s release notes or website for additional advisories, updates, or guidance related to this authorization flaw.


Advisories

No advisories yet.

History

Fri, 12 Jun 2026 21:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Misp; Misp misp
Vendors & Products   (none)           Misp; Misp misp

Fri, 12 Jun 2026 20:15:00 +0000

Type: Description (values added, none removed)
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as initiating a password reset workflow, against a higher-privileged site administrator account in the same organization. Successful exploitation may allow an authenticated organization administrator to interfere with or potentially take over a site administrator account, resulting in privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability. Attack prerequisites: The attacker must be authenticated as an organization administrator in the same organization as a site administrator account.

Type: Title (values added)
MISP organization administrators can target site administrator accounts for password reset

Type: Weaknesses (values added)
CWE-863

Type: References (values added)
(none listed)

Type: Metrics (values added)
cvssV4_0: score 7.5, vector CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N


MITRE

Status: PUBLISHED

Assigner: CIRCL

Published:

Updated: 2026-06-12T19:34:49.259Z

Reserved: 2026-06-12T19:34:30.744Z

Link: CVE-2026-54358

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-12T20:16:47.720

Modified: 2026-06-12T20:16:47.720

Link: CVE-2026-54358

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T22:00:20Z

Weaknesses