CVE-2026-44364

Source
https://cve.org/CVERecord?id=CVE-2026-44364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44364
Aliases
Published
2026-05-13T19:15:03.368Z
Modified
2026-07-08T08:05:14.577858968Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H CVSS Calculator
Summary
misp-modules website - Missing CSRF protection in the website home blueprint
Details

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of session query data in the context of the authenticated user. The issue was fixed by enabling CSRF protection for the affected blueprint and hardening query parsing.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44364.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-352"
    ]
}
References

Affected packages

Git / github.com/misp/misp-modules

Affected ranges

Type
GIT
Repo
https://github.com/misp/misp-modules
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.7"
        }
    ]
}

Affected versions

v2.*
v2.4.110
v2.4.113
v2.4.116
v2.4.118
v2.4.119
v2.4.120
v2.4.121
v2.4.134
v2.4.136
v2.4.137
v2.4.141
v2.4.142
v2.4.143
v2.4.144
v2.4.145
v2.4.147
v2.4.148
v2.4.150
v2.4.151
v2.4.153
v2.4.154
v2.4.156
v2.4.157
v2.4.159
v2.4.160
v2.4.162
v2.4.163
v2.4.171
v2.4.172
v3.*
v3.0.6
v3.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44364.json"