CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

CVE-2026-10861

An open redirect vulnerability affects MISP in UsersController::routeafterlogin(), where the pre_login_requested_url session key is used as the post-login redirect destination without enforcing that it is a local path. An unauthenticated attacker can lure a user to a trusted MISP instance and, af...

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

PT-2026-46227

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the pre login requested url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attack...