QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-44364

Back to search

CVE-2026-44364

Published: May 13, 2026

Modified: May 14, 2026

PUBLISHED

Description

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.

VendorProductVersions

MISP

misp-modules

affected
<= 3.0.7

Weaknesses (CWE)

CWE-352

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now