CVE 9.3 CRITICAL

misp-modules website – Missing CSRF protection in the website home blueprint_CVE-2026-44364

May 13, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Description

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.

AI Analysis

Cross-Site Request Forgery vulnerability in MISP Modules website

Basic Information

ID CVE-2026-44364

Source GitHub_M

Published May 13, 2026 at 19:15

Affected Product

Vendor MISP

Product misp-modules

Version <= 3.0.7

Affected Versions MISP misp-modules <= 3.0.7

CWE Classification

CWE-352

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor MISP

Product misp-modules

Version <= 3.0.7

References

github.com /MISP/misp-modules/security/advisories/GHSA-j4rh-7jcr-qm69

{
    "lastseen": "",
    "description": "MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.",
    "published": "2026-05-13T19:15:03.368Z",
    "modified": "2026-05-13T19:15:03.368Z",
    "type": "cve",
    "title": "misp-modules website - Missing CSRF protection in the website home blueprint",
    "source": "GitHub_M",
    "references": "https://github.com/MISP/misp-modules/security/advisories/GHSA-j4rh-7jcr-qm69",
    "id": "CVE-2026-44364",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "MISP misp-modules <= 3.0.7",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "misp-modules",
    "version": "<= 3.0.7",
    "vendor": "MISP",
    "ai_description": "Cross-Site Request Forgery vulnerability in MISP Modules website",
    "ai_severity": "Critical",
    "ai_vendor": "MISP",
    "ai_product": "misp-modules",
    "ai_version": "<= 3.0.7",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply