External risk intelligence
MISP could allow external attackers to access sensitive threat intelligence
The MISP threat intelligence platform could allow external attackers to manipulate database queries, potentially exposing sensitive threat intelligence and compromising database integrity. There are currently no reports of active exploitation.
Halo Surface Signal
4/5
MISP is a web-based threat intelligence platform designed for collaboration across organizational boundaries. It is commonly deployed as an internet-facing web application or API to facilitate data sharing between distinct entities, making its web and API endpoints frequently accessible via the internet in standard deployments.
Exposure facts
H – Horizon Alert
A security vulnerability has been identified in the MISP threat intelligence platform that could allow unauthorized manipulation of database queries. This issue stems from the system failing to sufficiently validate user-controlled sorting inputs before processing them. If exploited, an attacker could potentially gain unauthorized access to sensitive data or disrupt the intended behavior of the database. Consequently, this represents a potential risk to the confidentiality and functional integrity of the information managed within the platform.
A – Asset Exposure
This issue affects the MISP threat intelligence platform, which typically acts as a central repository for sharing sensitive security information across organizational boundaries. The vulnerability resides within the system's database processing, potentially allowing unauthorized access to sensitive threat data or the manipulation of query behavior. Given that this platform is often configured for collaborative use, this could pose a risk to database integrity and the confidentiality of the intelligence you manage.
L – Live Threat
The available context for this vulnerability does not indicate active exploitation or observed targeting at this time. We have seen no reports of public exploit code or known campaigns leveraging this issue. Consequently, the likelihood of immediate impact appears linked strictly to unauthorized access to the affected platform endpoints.
O – Operational Fix
We recommend updating the MISP platform to the latest available release to address a security vulnerability in how the system processes database queries. This update ensures that user-provided parameters are properly validated, preventing potential unauthorized access or manipulation of database operations. Please coordinate with your IT team to prioritize this update as part of your standard maintenance cycle.
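The class of fix described above, validating a user-supplied sort field and direction before they reach an ORDER BY clause, is shown in the added example below. It is illustrative Python, not MISP's code or its patch; the table, column names and function names are assumptions made for the example.

```python
import sqlite3

# Hypothetical allowlist: public sort keys mapped to real column names.
# These names are constructed for the example, not taken from MISP's schema.
SORTABLE = {"id": "id", "date": "event_date", "org": "org_name"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(sort, direction):
    """Return an ORDER BY clause built only from allowlisted tokens."""
    try:
        column = SORTABLE[sort]
        order = DIRECTIONS[direction.lower()]
    except (KeyError, TypeError, AttributeError):
        # Unknown field, unknown direction, or a non-string value: reject
        # the request instead of trying to sanitise it.
        raise ValueError("unsupported sort parameter") from None
    return f"ORDER BY {column} {order}"


def list_events(conn, org_filter, sort="id", direction="asc"):
    """Query events; values are bound, identifiers come from the allowlist."""
    # SQL placeholders can bind values but not column names or keywords,
    # which is why sort inputs need their own validation step.
    sql = (
        "SELECT id, org_name, event_date FROM events "
        "WHERE org_name LIKE ? " + build_order_by(sort, direction)
    )
    return conn.execute(sql, (org_filter,)).fetchall()


def demo_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, org_name TEXT, event_date TEXT)"
    )
    conn.executemany(
        "INSERT INTO events VALUES (?, ?, ?)",
        [(1, "ORG-A", "2024-03-01"), (2, "ORG-B", "2024-01-15"), (3, "ORG-A", "2024-02-10")],
    )
    return conn


if __name__ == "__main__":
    print(list_events(demo_db(), "%", sort="date", direction="desc"))
```

Rejecting unknown sort keys outright, rather than escaping them, keeps the set of strings that can ever appear in the ORDER BY clause fixed and reviewable.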