Auth bypass in Misp
CVE-2026-61474
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing_group_id without triggering the corresponding sharing group authorization check, as l…
Vulnerability class: Broken Access Control
Affected products
- Misp — versions 0