Privilege escalation in Misp
CVE-2026-10868
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the application accepted a user-controlled User.id…
Vulnerability class: Privilege Escalation
Affected products
- Misp — versions 0