CVE-2026-10861

An open redirect vulnerability affects MISP in UsersController::routeafterlogin(), where the pre_login_requested_url session key is used as the post-login redirect destination without enforcing that it is a local path. An unauthenticated attacker can lure a user to a trusted MISP instance and, af...

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

PT-2026-46227

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An open redirect occurs in the routeafterlogin function of the UsersController because the value stored in the pre login requested url session key is used as the post-login redirect destination...