CVE-2026-10855

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization. Successful exploitation could allow unauthorized modification of another organization’s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite templates across organizations. The issue was fixed by enforcing an ownership check before overwrite: non-site-admin users may only overwrite templates owned by their own organization.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/MISP/MISP/commit/7c2200d143bef86aaf58d701b6968a843097db69	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*

History

22 Jun 2026, 19:23

Type	Values Removed	Values Added
First Time		Misp-project Misp-project misp
CPE	cpe:2.3:a:misp:misp::::::::	cpe:2.3:a:misp-project:misp::::::::

08 Jun 2026, 14:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:misp:misp::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
First Time		Misp Misp misp
References	~~() https://github.com/MISP/MISP/commit/7c2200d143bef86aaf58d701b6968a843097db69 -~~	() https://github.com/MISP/MISP/commit/7c2200d143bef86aaf58d701b6968a843097db69 - Patch

04 Jun 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-04 14:16

Updated : 2026-06-22 19:23

NVD link : CVE-2026-10855

Mitre link : CVE-2026-10855

CVE.ORG link : CVE-2026-10855

JSON object : View

Products Affected

misp-project

misp

CWE

CWE-862

Missing Authorization

{"id": "CVE-2026-10855", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-10855", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-04T13:52:21.065382Z"}}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "5a6e4751-2f3f-4070-9419-94fb35b644e8", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "5a6e4751-2f3f-4070-9419-94fb35b644e8", "affectedData": [{"repo": "https://github.com/misp/misp", "vendor": "misp", "product": "misp", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.38"}], "defaultStatus": "unaffected"}]}], "published": "2026-06-04T14:16:37.797", "references": [{"url": "https://github.com/MISP/MISP/commit/7c2200d143bef86aaf58d701b6968a843097db69", "tags": ["Patch"], "source": "5a6e4751-2f3f-4070-9419-94fb35b644e8"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "5a6e4751-2f3f-4070-9419-94fb35b644e8", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization.\n\n\n\nSuccessful exploitation could allow unauthorized modification of another organization\u2019s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite templates across organizations.\n\n\n\nThe issue was fixed by enforcing an ownership check before overwrite: non-site-admin users may only overwrite templates owned by their own organization."}], "lastModified": "2026-06-22T19:23:18.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F36ADE45-6CDA-466B-B002-321EA1414EB4", "versionEndExcluding": "2.5.39"}], "operator": "OR"}]}], "sourceIdentifier": "5a6e4751-2f3f-4070-9419-94fb35b644e8"}