2 matches found
CVE-2026-61474 MISP: Improper sharing group authorization check when adding attributes
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...
CVE-2026-54398
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...