Auth bypass in Misp
CVE-2026-10611
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an auth…
Vulnerability class: Broken Authentication
EPSS: 0.001 (22.2th percentile) — read the EPSS interpretation.
Affected products
- Misp — versions 0