CVE-2026-54357
Status: Received - Intake
Improper Authorization in MISP Allows Privilege Escalation

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: 5a6e4751-2f3f-4070-9419-94fb35b644e8

Description
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership but did not exclude higher-privileged site administrator users. As a result, an organization administrator could potentially view or alter site administrator user settings and related login profile information, crossing the intended privilege boundary between organization administration and site-wide administration. The patch hardens the ACL logic by excluding site administrator accounts from organization administrator–managed user sets, adding explicit authorization failure when a target user is not administrable, and ensuring user setting and login profile operations fail closed.
CVSS Scores
Not available.

EPSS Scores
Probability: not available
Percentile: not available

Meta Information
Generated: 2026-06-13
AI Q&A: 2026-06-13
EPSS Evaluated: N/A
Reference entries: NVD, EUVD
Affected Vendors & Products
One associated CPE:
Vendor: misp
Product: misp
Version / Range: * (no version bound is recorded; the CPE matches every version)
CWE
CWE-863 Incorrect Authorization: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-639 Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Compliance Impact

The vulnerability lets an authenticated organization administrator read or modify user settings of site administrator accounts, crossing the intended privilege boundary. That is an access-control failure affecting the confidentiality and integrity of user account data.

Frameworks such as GDPR and HIPAA require access to personal and sensitive data to be restricted to authorized roles, so an instance on which organization administrators can reach site-administrator account data may fall short of those access-control requirements.

The patch restores the separation by excluding site administrator accounts from the user set an organization administrator may manage, raising an explicit authorization failure for non-administrable targets, and making the affected operations fail closed. Applying it is the corrective action to record against the access-control requirements of those frameworks.

Executive Summary

This vulnerability is an improper authorization issue in the MISP platform where an authenticated organization administrator could access or modify user settings of site administrator accounts within the same organization. The access control checks only limited administrative actions by organization membership but failed to exclude higher-privileged site administrators. As a result, organization administrators could cross privilege boundaries and view or change site administrator user settings and login profile information.

The patch fixes this by improving access control logic to exclude site administrator accounts from being managed by organization administrators, adding explicit authorization failures when a user is not administrable, and ensuring operations on user settings and login profiles fail securely.

Impact Analysis

In practice, an organization administrator can read or change the user settings and login profile information of site administrators who belong to the same organization. This requires an existing organization-administrator account in that organization and a site administrator who is a member of it; it does not by itself hand the attacker site-admin rights, but it lets a lower-privileged administrator tamper with the configuration of higher-privileged accounts.

The consequence is a crossing of the privilege boundary between organization and site administration: unauthorized access to site-administrator account data, unwanted changes to how those accounts behave, and, depending on what the altered settings control, interference with site-wide administrative functions. Any such change to a site administrator's account should be treated as a potential first step toward broader compromise of the instance.

Detection Guidance

The flaw is an authorization failure inside the application, so detection is a matter of the application's own records rather than network telemetry. Review MISP's application and audit logs for operations on user settings and login profiles where the acting account holds an organization-administrator role (perm_admin set, perm_site_admin not set) and the target account holds a site-administrator role (perm_site_admin set) in the same organization.

Before the fix, such operations succeeded and look like routine administration unless the role level of actor and target are compared; after the fix, they surface as authorization failures, and a run of those from a single organization-administrator account is itself worth investigating.

The page's resources provide no specific detection commands; the role comparison above is the condition to filter on.

Mitigation Strategies

To mitigate this vulnerability, apply the security patch that hardens the access control logic in MISP.

  • Update the MISP platform to include the fix that prevents organization administrators from accessing or modifying site administrator user settings.
  • Ensure that the updated methods such as `getSiteAdminRoleIds()`, `isUserSiteAdmin()`, and the enhanced access control checks in `UserLoginProfilesController` and `UserSettingsController` are present and active.
  • Verify that authorization validation in `setSetting()` prevents unauthorized edits by organization administrators on site administrator settings.
  • Until the fix is deployed, identify which organizations contain both a site administrator and one or more organization administrators, since only that combination is exposed, and review recent user-setting and login-profile changes to those site administrator accounts.
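The boundary that the description, the detection guidance and the mitigation list all turn on, as an added example that is not MISP's code: a hypothetical role and user model using only the two MISP permission flags for these tiers (perm_admin for organization administrators, perm_site_admin for site administrators), the organization-only scoping beside the hardened form that also excludes site administrators, a fail-closed setting write, and a detection pass that replays constructed audit events through the hardened check to find the operations the old check wrongly allowed. The function names, sample users, setting key and event records are all invented for the illustration.

```python
"""Illustration of the org-admin / site-admin boundary (hypothetical, not MISP code).

Only the two role flags are borrowed from MISP; users, functions, the setting
key and the audit records below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    perm_admin: bool       # may manage users of the actor's own organisation
    perm_site_admin: bool  # may manage every user on the instance


@dataclass(frozen=True)
class User:
    id: int
    email: str
    org_id: int
    role: Role


SITE_ADMIN = Role("admin", perm_admin=True, perm_site_admin=True)
ORG_ADMIN = Role("Org Admin", perm_admin=True, perm_site_admin=False)
USER = Role("User", perm_admin=False, perm_site_admin=False)

# Constructed directory: org 1 holds a site admin, an org admin and an analyst.
USERS = {
    1: User(1, "siteadmin@example.test", org_id=1, role=SITE_ADMIN),
    2: User(2, "orgadmin@example.test", org_id=1, role=ORG_ADMIN),
    3: User(3, "analyst@example.test", org_id=1, role=USER),
    4: User(4, "other-org@example.test", org_id=2, role=USER),
}


def is_site_admin(u: User) -> bool:
    return u.role.perm_site_admin


def vulnerable_administrable_ids(actor: User, users: dict) -> set:
    """Flawed scoping by organisation membership only: the site admin in
    org 1 ends up inside the org admin's managed set."""
    if is_site_admin(actor):
        return set(users)
    if actor.role.perm_admin:
        return {u.id for u in users.values() if u.org_id == actor.org_id}
    return {actor.id}


def hardened_administrable_ids(actor: User, users: dict) -> set:
    """Same scoping, but a site administrator is never administrable by an
    organisation administrator; ordinary users may only reach themselves."""
    if is_site_admin(actor):
        return set(users)
    if actor.role.perm_admin:
        return {u.id for u in users.values()
                if u.org_id == actor.org_id and not is_site_admin(u)}
    return {actor.id}


def set_user_setting(actor, target_id, key, value, store, users=USERS,
                     administrable=hardened_administrable_ids):
    """Fail-closed write: an unknown target and a non-administrable target
    raise the same error before the store is touched."""
    if target_id not in users or target_id not in administrable(actor, users):
        raise PermissionError(f"user {actor.id} may not administer user {target_id}")
    store.setdefault(target_id, {})[key] = value
    return store[target_id]


# Detection: constructed audit records (event_id, actor_id, action, target_user_id).
# The action names are illustrative, not MISP's log vocabulary.
AUDIT_EVENTS = [
    (101, 2, "user_setting_set", 3),    # org admin edits an analyst: legitimate
    (102, 2, "user_setting_set", 1),    # org admin edits the site admin: crossing
    (103, 2, "login_profile_view", 1),  # org admin reads site-admin login profile
    (104, 1, "user_setting_set", 2),    # site admin edits the org admin: legitimate
    (105, 2, "user_setting_set", 9),    # target no longer exists: flag for review
]


def boundary_crossings(events, users=USERS):
    """Return ids of events the hardened check would have refused."""
    flagged = []
    for event_id, actor_id, _action, target_id in events:
        actor = users.get(actor_id)
        if actor is None or target_id not in hardened_administrable_ids(actor, users):
            flagged.append(event_id)
    return flagged


if __name__ == "__main__":
    store = {}
    print(set_user_setting(USERS[2], 3, "theme", "dark", store))
    try:
        set_user_setting(USERS[2], 1, "theme", "dark", store)
    except PermissionError as e:
        print("denied:", e)
    print("events to review:", boundary_crossings(AUDIT_EVENTS))
```

Run it directly to see the denied write and the flagged event ids. The point to observe is that the vulnerable set for the org admin contains user 1, the site admin, while the hardened set does not, and that event 105, whose target no longer exists, is flagged as well because the fail-closed rule treats an unknown target exactly like a non-administrable one.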