cvedb.io
CVE-2026-44380
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2026-05-13T21:16:48.623 · Last modified 2026-06-22T19:23:18.580

Summary

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within the same organization. Because non-site administrators were not explicitly prevented from accessing or resetting site administrator auth keys, an attacker with organization administrator privileges could potentially obtain a newly generated auth key for a higher-privileged account and use it to escalate privileges. This vulnerability is fixed in 2.5.37.

Affected products

misp-project — misp

Does this affect you?

Add your gear to cvedb and we'll alert you only when misp-project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.