Lucene search
K

4 matches found

NVD
NVD
added 2026/05/20 8:16 p.m.14 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 6:39 p.m.33 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 6:39 p.m.10 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 6:39 p.m.2 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder