CVE-2026-54358
Status: Received - Intake
Incorrect Authorization in MISP Allows Privilege Escalation

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: 5a6e4751-2f3f-4070-9419-94fb35b644e8

Description
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as initiating a password reset workflow, against a higher-privileged site administrator account in the same organization. Successful exploitation may allow an authenticated organization administrator to interfere with or potentially take over a site administrator account, resulting in privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability.

Attack prerequisites: The attacker must be authenticated as an organization administrator in the same organization as a site administrator account.
Affected Vendors & Products (1 associated CPE)
Vendor: misp
Product: misp
Version / Range: *
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

This vulnerability is an incorrect authorization issue in MISP that allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality.

Although the code restricted organization administrators to users within their own organization, it failed to exclude accounts with the site administrator role from recipient queries.

As a result, an organization administrator could perform privileged actions, such as initiating a password reset, on a higher-privileged site administrator account in the same organization.

Compliance Impact

This vulnerability allows an organization administrator to escalate privileges by targeting site administrator accounts within the same organization, potentially leading to full compromise of the MISP instance's confidentiality, integrity, and availability.

Such a compromise could impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and administrative functions to protect personal and health information.

By enabling unauthorized privilege escalation and potential account takeover, the vulnerability increases the risk of unauthorized data access or modification, which could result in violations of these regulatory requirements.

Impact Analysis

If exploited successfully, an authenticated organization administrator could interfere with or potentially take over a site administrator account.

This leads to privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability.

Mitigation Strategies

To mitigate this vulnerability, apply the patch that modifies the admin_email function in the UsersController.php file of MISP.

The patch prevents organization administrators from targeting site administrator accounts by excluding site admin roles from recipient queries during email reset operations.

This ensures that organization admins cannot perform privileged account-management actions, such as initiating password resets, against site admin accounts within the same organization.
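The defect described above and the shape of the fix, as an added illustration that is not MISP's own code: the recipient query is modelled as a Python filter over a small constructed user directory. The vulnerable variant scopes recipients to the acting organization admin's organization but never excludes the site administrator role; the corrected variant adds that exclusion, and a small audit helper shows which accounts the vulnerable filter would have let the org admin act on. All names here (User, ROLE_*, recipients_vulnerable, recipients_fixed, can_target, over_scoped_targets) and the role strings are assumptions for this example, not MISP identifiers.

```python
"""
Illustrative model of the authorization defect in CVE-2026-54358
(added example; not MISP's own code or role names).
"""
from dataclasses import dataclass
from typing import Callable, List

# Placeholder role names, not MISP's real role identifiers.
ROLE_USER = "user"
ROLE_ORG_ADMIN = "org_admin"
ROLE_SITE_ADMIN = "site_admin"


@dataclass(frozen=True)
class User:
    email: str
    org_id: int
    role: str


# Constructed sample directory: one organization containing a site admin, an
# org admin and an analyst, plus an unrelated user in a second organization.
USERS: List[User] = [
    User("site-admin@org1.example", 1, ROLE_SITE_ADMIN),
    User("org-admin@org1.example", 1, ROLE_ORG_ADMIN),
    User("analyst@org1.example", 1, ROLE_USER),
    User("analyst@org2.example", 2, ROLE_USER),
]

SITE_ADMIN_ACTOR = USERS[0]
ORG_ADMIN_ACTOR = USERS[1]


def recipients_vulnerable(actor: User, users: List[User]) -> List[User]:
    """Recipient filter with the defect: organization scoping only."""
    if actor.role == ROLE_SITE_ADMIN:
        return list(users)
    if actor.role == ROLE_ORG_ADMIN:
        # Same-organization check is present, but a site admin in that
        # organization still passes the filter.
        return [u for u in users if u.org_id == actor.org_id]
    return []


def recipients_fixed(actor: User, users: List[User]) -> List[User]:
    """Corrected filter: organization scoping AND site-admin exclusion."""
    if actor.role == ROLE_SITE_ADMIN:
        return list(users)
    if actor.role == ROLE_ORG_ADMIN:
        return [
            u for u in users
            if u.org_id == actor.org_id and u.role != ROLE_SITE_ADMIN
        ]
    return []


Selector = Callable[[User, List[User]], List[User]]


def can_target(actor: User, target: User, users: List[User], select: Selector) -> bool:
    """Authorization gate to apply before any account-management action
    (for example sending a password-reset mail): the target must be in the
    actor's allowed recipient set under the given filter."""
    return target in select(actor, users)


def over_scoped_targets(actor: User, users: List[User]) -> List[str]:
    """Defender-side check: emails the vulnerable filter lets `actor` reach
    that the corrected filter denies. A non-empty result means the actor
    could act on a higher-privileged account."""
    allowed = {u.email for u in recipients_fixed(actor, users)}
    return [u.email for u in recipients_vulnerable(actor, users) if u.email not in allowed]


if __name__ == "__main__":
    for name, select in (("vulnerable", recipients_vulnerable), ("fixed", recipients_fixed)):
        reach = [u.email for u in select(ORG_ADMIN_ACTOR, USERS)]
        print(f"{name:10s} org admin may mail: {reach}")
    print("over-scoped targets:", over_scoped_targets(ORG_ADMIN_ACTOR, USERS))
```

The point the model makes is that scoping by organization and scoping by role are two independent conditions: a recipient query that enforces only the first still returns every higher-privileged account that happens to share the caller's organization. A regression test that asserts `over_scoped_targets(org_admin, directory)` is empty is a cheap way to keep the second condition from silently disappearing again.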
