Auth bypass in Misp

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged auth…

Vulnerability class: IDOR (Insecure Direct Object Reference)