CVE-2026-10863
Authentication Bypass via Order Parameter in CorrelationsController
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: 5a6e4751-2f3f-4070-9419-94fb35b644e8
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| misp | misp | to 2026-08-01 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated user to manipulate the ordering clause in database queries, which could potentially lead to unsafe query construction. However, the direct impact is limited to query manipulation without confirmed SQL injection or unauthorized data exposure.
Since there is no confirmed unauthorized data exposure or data breach, the vulnerability's direct effect on compliance with standards like GDPR or HIPAA is limited. Nonetheless, any potential for unsafe query construction or data exposure could pose risks to data integrity and confidentiality, which are critical for compliance.
Can you explain this vulnerability to me?
This vulnerability involves the 'order' query parameter in the over-correlation endpoint of an application. Originally, the application accepted the 'order' parameter from user-controlled request parameters, allowing an authenticated user to override the server-defined ordering of query results.
Because the ordering value was processed by the underlying data access layer, this could lead to manipulation of the database query ordering and potentially unsafe query construction.
The vulnerability was fixed by removing the 'order' parameter from user control and instead setting the ordering server-side to a fixed value ('occurrence desc'), preventing users from influencing the query order.
How can this vulnerability impact me?
An authenticated attacker could manipulate the ordering clause used in the over-correlations query. While the direct impact is limited to query manipulation, this could potentially lead to unsafe query construction.
If further exploited, this might expose the application to risks such as SQL injection or unauthorized data exposure through the manipulated ordering expression, although no direct evidence confirms this.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the 'order' query parameter in the over-correlation endpoint is controllable by an authenticated user. Specifically, you can test whether sending requests with different 'order' parameters affects the ordering of query results.
A practical approach is to perform authenticated requests to the over-correlation endpoint with varying 'order' parameters and observe if the response ordering changes accordingly.
- Use curl or similar tools to send authenticated requests with different 'order' values, for example: `curl -X GET -H "Authorization: Bearer <token>" "https://<target>/correlations/over-correlation?order=some_malicious_value"`
- Compare the response data ordering to see if the 'order' parameter is being accepted and applied.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to ensure that the 'order' parameter cannot be controlled by user input in the over-correlation endpoint.
Specifically, update the affected code (app/Controller/CorrelationsController.php) to remove the 'order' parameter from user-controllable request parameters and hardcode the ordering server-side to a safe value such as 'occurrence desc'.
Applying the patch from the referenced commit (Resource 1) will prevent unauthorized manipulation of the query ordering and reduce the risk of unsafe query construction.
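The fix pattern described above, as an added illustration that is not MISP's own code: a handler that forwards the request's 'order' value into the query, beside the hardened form that fixes the ordering server-side, plus an allowlist variant for the case where client-selectable sorting is genuinely needed. The function names, the `$find` callable standing in for the data access layer, and the sample request values are assumptions.

```php
<?php
// Added illustration for CVE-2026-10863, not code from MISP's CorrelationsController.
// $find stands in for the data access layer and simply returns the options it
// was given, so the effect of each handler on the query is visible.

// Vulnerable pattern: the ORDER BY clause is taken straight from the request,
// so any authenticated user can override the server-defined ordering.
function overCorrelationVulnerable(array $query, callable $find): array
{
    $order = $query['order'] ?? 'occurrence desc';   // user-controlled value
    return $find(['order' => $order]);
}

// Fixed pattern, as the advisory describes: the request's 'order' key is never
// consulted and the ordering is hardcoded server-side.
function overCorrelationFixed(array $query, callable $find): array
{
    return $find(['order' => 'occurrence desc']);    // independent of $query
}

// If client-selectable sorting were required, the safe variant maps a short
// client key onto a server-defined clause and falls back to the default for
// anything unknown; the raw request string never reaches the query.
const ALLOWED_ORDERS = [
    'occurrence' => 'occurrence desc',
    'value'      => 'value asc',
];

function resolveOrder(?string $requested): string
{
    return ALLOWED_ORDERS[$requested] ?? ALLOWED_ORDERS['occurrence'];
}

function overCorrelationAllowlisted(array $query, callable $find): array
{
    return $find(['order' => resolveOrder($query['order'] ?? null)]);
}

$find = function (array $options): array { return $options; };
$request = ['order' => 'id asc'];   // constructed: a value the server never intended

var_dump(overCorrelationVulnerable($request, $find));   // order => 'id asc' (override succeeds)
var_dump(overCorrelationFixed($request, $find));        // order => 'occurrence desc'
var_dump(overCorrelationAllowlisted($request, $find));  // order => 'occurrence desc' (unknown key rejected)
```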