LDAP Injection in Misp

CVE-2026-39962

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAut…

EPSS: 0.001 (30.6th percentile) — read the EPSS interpretation.

Affected products

Misp — versions < 2.5.36

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63 (x_refsource_CONFIRM)
https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10 (x_refsource_MISC)
https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32 (x_refsource_MISC)
https://github.com/MISP/MISP/releases/tag/v2.5.36 (x_refsource_MISC)