MISP Improper Access Control Vulnerability in Authentication Key Reset Allows Privilege Escalation

Vulnerability

A vulnerability in MISP prior to version 2.5.37 allows an organization administrator to view and reset the authentication keys of site administrators belonging to the same organization. Because the access check only confirmed that the target user was in the administrator's organization, and did not distinguish site administrators from ordinary members, an organization administrator could issue a new authentication key for a site administrator account and then use that key to act with site administrator privileges. The fix restricts non-site administrators from accessing or resetting authentication keys for site administrators.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation: an organization administrator who resets a site administrator's authentication key can authenticate with that key and gain site-wide administrative rights.
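The access-control flaw described above and its fix, modelled as an added example for this page. This is not MISP's code: the role names, the User record, the in-memory key table, the key format and the two reset functions are all assumptions chosen to show the missing check (org-scope only) beside the corrected one (non-site admins may never touch a site admin's key), and the sample users are constructed.

```python
"""Authorization model for MISP-style authentication-key resets.

Added example for this page; it is NOT MISP's code. The roles, the User
record, the in-memory key table and the two reset functions are assumptions
that model the access-control flaw described in the advisory and its fix.
"""
import secrets
from dataclasses import dataclass, field

SITE_ADMIN = "site_admin"   # assumed role name: administers every organization
ORG_ADMIN = "org_admin"     # assumed role name: administers its own organization's users
USER = "user"


class Forbidden(Exception):
    """Raised when the actor is not allowed to reset the target's key."""


@dataclass
class User:
    name: str
    org: str
    role: str
    # key length/format is an assumption, not MISP's actual key format
    authkey: str = field(default_factory=lambda: secrets.token_hex(20))


def _administers(actor: User, target: User) -> bool:
    """Org-scope check shared by both versions: site admins reach everyone,
    org admins reach members of their own organization."""
    if actor.role == SITE_ADMIN:
        return True
    return actor.role == ORG_ADMIN and actor.org == target.org


def reset_authkey_vulnerable(actor: User, target: User) -> str:
    """Pre-fix behaviour (modelled): the only gate is the org-scope check, so an
    org admin can reset a site admin's key whenever both share an organization."""
    if not _administers(actor, target):
        raise Forbidden(f"{actor.name} may not reset keys for {target.name}")
    target.authkey = secrets.token_hex(20)
    return target.authkey


def reset_authkey_fixed(actor: User, target: User) -> str:
    """Post-fix behaviour (modelled): a non-site administrator can never access or
    reset a site administrator's key, regardless of organization membership."""
    if actor.role != SITE_ADMIN and target.role == SITE_ADMIN:
        raise Forbidden(f"{actor.name} may not reset keys for site admin {target.name}")
    if not _administers(actor, target):
        raise Forbidden(f"{actor.name} may not reset keys for {target.name}")
    target.authkey = secrets.token_hex(20)
    return target.authkey


def authenticate(users: list[User], authkey: str) -> User:
    """API-style authentication: whoever presents a valid key acts as that user."""
    for u in users:
        if secrets.compare_digest(u.authkey, authkey):
            return u
    raise Forbidden("unknown authentication key")


def escalation_outcome(reset) -> str:
    """Run the advisory's scenario against one reset function and report which
    role the org admin ends up acting with. Sample users are constructed."""
    site_admin = User("alice", "org-a", SITE_ADMIN)
    org_admin = User("bob", "org-a", ORG_ADMIN)
    users = [site_admin, org_admin, User("carol", "org-b", ORG_ADMIN)]
    try:
        new_key = reset(org_admin, site_admin)
    except Forbidden:
        return ORG_ADMIN                        # reset refused; bob keeps his own role
    return authenticate(users, new_key).role    # bob now holds alice's key


if __name__ == "__main__":
    print("vulnerable:", escalation_outcome(reset_authkey_vulnerable))  # site_admin
    print("fixed:     ", escalation_outcome(reset_authkey_fixed))       # org_admin
```

The fixed version checks the target's role before the organization scope, so the outcome no longer depends on which organization the site administrator happens to be a member of; an org admin still resets keys for ordinary members of their own organization, which is the behaviour the fix is meant to preserve.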

Remediation

Upgrade to MISP version 2.5.37 or later. The upgrade closes the access-control gap but does not revoke keys that may already have been issued through it, so site administrator authentication keys should be reviewed and rotated where misuse is suspected.

Added: May 13, 2026, 9:26 PM
Updated: May 13, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.