EUVD-2026-38226

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

CVE-2026-25998 strongMan vulnerable to private credential recovery due to key and counter reuse

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...