CVE-2026-54396
Information Disclosure in MISP AuthKey Edit Functionality

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: 5a6e4751-2f3f-4070-9419-94fb35b644e8

Description
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown on the re-rendered form is populated from the attacker-controlled AuthKey.user_id value in the submitted request data rather than from the stored AuthKey. An authenticated user with permission to edit an AuthKey can therefore submit arbitrary user IDs and observe the returned dropdown data, allowing enumeration of user email addresses. The issue is fixed by deriving the dropdown user from the persisted AuthKey owner instead of the request body.
Affected Vendors & Products (1 associated CPE)
Vendor: misp
Product: misp
Version / Range: *
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

This vulnerability is an information disclosure issue in the MISP AuthKey edit functionality. When an authenticated user with permission to edit an AuthKey submits an edit request that fails validation, the application incorrectly uses the attacker-controlled user_id value from the request to populate a user dropdown on the re-rendered form. The attacker can submit arbitrary user IDs and read the corresponding dropdown data, which enables enumeration of user email addresses.

The root cause is that the dropdown user list is derived from the submitted request data instead of the persisted AuthKey owner. The issue is fixed by changing the dropdown to use the stored AuthKey owner information.

Impact Analysis

The impact is that an authenticated user with AuthKey edit permissions can enumerate user email addresses within the system. The disclosed addresses could be used in follow-on attacks such as phishing, social engineering, or targeted attacks against specific users.

Mitigation Strategies

To mitigate this vulnerability, ensure that the MISP AuthKey edit functionality is updated to the fixed version where the dropdown user is derived from the persisted AuthKey owner instead of the request body.

Additionally, restrict permissions so that only trusted authenticated users have the ability to edit AuthKeys, minimizing the risk of exploitation.
