Auth bypass in Misp

CVE-2026-61474

An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing_group_id without triggering the corresponding sharing group authorization check, as l…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References