
External risk intelligence

MISP modules could allow external attackers to modify session data via authenticated users.

MISP modules could allow an external attacker to trick an authenticated user into submitting unintended commands, potentially compromising the integrity of session data. This issue requires user interaction and currently shows no evidence of active exploitation.

NVD published May 13, 2026

External risk brief: CRITICAL

CVE-2026-44364

Halo Surface Signal: 2 / 5

The vulnerability is a Cross-Site Request Forgery requiring user interaction while authenticated. MISP modules are typically deployed in restricted internal security environments. The exposure is linked to specific user activity within the web interface rather than being an inherently public-facing or internet-accessible service.

Exposure facts

H – Horizon Alert

A security vulnerability has been identified within the MISP modules platform related to the processing of web requests. This issue creates a Cross-Site Request Forgery risk, which could allow an unauthorized party to trick an authenticated user into submitting unintended commands to the system. If successful, this could lead to the unauthorized modification of session query data, potentially compromising the integrity of information managed during an active user session.

A – Asset Exposure

The vulnerability affects the MISP modules website, specifically impacting the home endpoint functionality. By tricking an authenticated user into interacting with a malicious link, unauthorized parties could cause the system to process unintended requests. This might result in the modification of session query data within that user's active session. This exposure is primarily tied to user activity within the web interface rather than being inherently open to general internet traffic.

L – Live Threat

This issue involves a Cross-Site Request Forgery (CSRF) vulnerability in certain web modules that could allow an attacker to influence the actions of an authenticated user. At this time, the available context does not indicate active exploitation or observed targeting of this vulnerability. As there is currently no evidence of public exploit code or widespread abuse, this should be treated as a standard security maintenance matter.

O – Operational Fix

To address this vulnerability, prioritize applying the latest release to your MISP modules deployment. The developers have resolved the issue by enabling CSRF protection and hardening query parsing for the affected website components. We recommend applying this update promptly so that your systems remain secured against unauthorized session requests.
