CVE-2026-44363: SSRF in MISP Modules 3.0.0 - 3.0.6
Platform
python
Component
misp-modules
Fixed in
3.0.7
CVE-2026-44363 describes a Server-Side Request Forgery (SSRF) vulnerability in MISP Modules versions 3.0.0 through 3.0.6. It stems from insufficient validation of the HTTP(S) URLs that expansion modules fetch on behalf of users, which lets an attacker who can get a crafted URL processed by a vulnerable module reach internal resources and, because one module disabled TLS certificate verification, have its responses intercepted. The issue is fixed in version 3.0.7, and users are strongly advised to upgrade.
Impact and attack scenarios
An attacker who can get a crafted URL processed by a vulnerable module could reach internal network resources that are not exposed to the internet. The htmltomarkdown module performed no URL validation, so requests could be directed at loopback, private, or link-local addresses (the ranges where internal services and cloud metadata endpoints typically live), potentially exposing data held on internal servers. Separately, the qrcode module disabled TLS certificate verification, which allows a man-in-the-middle to intercept and tamper with its responses. Depending on what is reachable from the MISP host, this can lead to data exposure, unauthorized access, and potentially compromise of the MISP instance.
Exploitation context
CVE-2026-44363 was published on May 13, 2026. There is no indication that it is being exploited in the wild at this time. Its impact depends on the internal network topology, on the sensitivity of the resources reachable from the MISP server, and on whether the affected modules are enabled. It is not listed in CISA's KEV catalogue and no EPSS score is currently available.
Mitigation and workarounds
The primary mitigation for CVE-2026-44363 is to upgrade MISP Modules to version 3.0.7 or later. If upgrading is not immediately feasible, apply egress filtering on the host running misp-modules (host firewall rules or a forward proxy; a WAF inspects inbound traffic and does not help here) so that the service cannot reach loopback, private, or link-local ranges, and consider disabling the htmltomarkdown and qrcode modules until the upgrade. Additionally, restrict network access to the MISP server to the ports and hosts that need it. After upgrading, confirm the fix by submitting a URL that points at an internal resource (for example a loopback or private address) to the htmltomarkdown module and verifying that the module refuses it instead of fetching the content.
How to fix
Update MISP Modules to version 3.0.7 or later to fix the vulnerability. This version adds URL validation, blocks loopback and private addresses, resolves hostnames before fetching, sets request timeouts, and re-enables TLS certificate verification.
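The checks listed above, as an added example that is not code from the misp-modules project: a Python validator that resolves the host before fetching and refuses loopback, private, link-local and other non-public addresses, plus a fetch wrapper that enforces a timeout and a verifying TLS context and re-validates redirect targets. The resolver is injectable so the check can be exercised offline; the DNS table at the bottom is constructed and its hostnames and addresses are made up.

```python
import ipaddress
import socket
import ssl
import urllib.request
from urllib.parse import urlparse


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched on behalf of a user."""


def system_resolver(hostname):
    """Resolve a hostname to all of its A/AAAA records via the OS resolver.
    Resolving (instead of matching the hostname string) also catches numeric
    spellings such as 'http://2130706433/' that getaddrinfo maps to 127.0.0.1."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return False
    if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return False
    # is_global also rejects 100.64.0.0/10 shared space and documentation ranges.
    return ip.is_global


def check_url(url, resolver=system_resolver):
    """Validate a user-supplied URL before an expansion module fetches it.
    Returns (hostname, addresses) on success and raises UnsafeURL otherwise."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    if parsed.username is not None or parsed.password is not None:
        raise UnsafeURL("credentials embedded in the URL are not allowed")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, including [::1]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    if not addrs:
        raise UnsafeURL(f"no addresses for {host!r}")
    # Every record must be public: a name with one public and one internal
    # record would otherwise let the HTTP client pick the internal one.
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        raise UnsafeURL(f"{host!r} resolves to non-public address(es) {bad}")
    return host, addrs


def is_allowed(url, resolver=system_resolver):
    """Boolean form of check_url, convenient for tests and allow/deny logging."""
    try:
        check_url(url, resolver)
        return True
    except UnsafeURL:
        return False


def safe_fetch(url, timeout=10, resolver=system_resolver):
    """Fetch a validated URL with a request timeout and full certificate
    verification. Redirect targets are re-validated so a public host cannot
    bounce the request into an internal range. (The connection is not pinned
    to the resolved address, so a DNS-rebinding window remains; a proxy or
    a custom connect step that reuses `addrs` closes it.)"""
    check_url(url, resolver)

    class RevalidatingRedirects(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            check_url(newurl, resolver)
            return super().redirect_request(req, fp, code, msg, headers, newurl)

    # create_default_context() verifies the chain and the hostname; this is
    # the opposite of the verify=False / CERT_NONE pattern described above.
    tls = ssl.create_default_context()
    opener = urllib.request.build_opener(
        RevalidatingRedirects, urllib.request.HTTPSHandler(context=tls))
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()


# Constructed DNS table for offline demonstration; these names do not exist.
FAKE_DNS = {
    "public.example": ["8.8.8.8"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["8.8.8.8", "127.0.0.1"],
}


def fake_resolver(hostname):
    try:
        return FAKE_DNS[hostname]
    except KeyError:
        raise OSError("NXDOMAIN")


if __name__ == "__main__":
    for u in ("https://public.example/page", "http://intranet.example/",
              "http://mixed.example/", "http://127.0.0.1:6666/modules",
              "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print("allow" if is_allowed(u, fake_resolver) else "deny ", u)
```

Running the block with the constructed table allows only `https://public.example/page`; the loopback, private, link-local, mixed-record and non-HTTP cases are all refused before any connection is made, which is the behaviour to expect from the htmltomarkdown module once the upgrade is in place.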
Frequently asked questions
What is CVE-2026-44363 — SSRF in MISP Modules?
CVE-2026-44363 is a Server-Side Request Forgery (SSRF) vulnerability affecting MISP Modules versions 3.0.0 through 3.0.6 (fixed in 3.0.7) that allows attackers to make the modules fetch internal resources.
Am I affected by CVE-2026-44363 in MISP Modules?
If you are running MISP Modules versions 3.0.0 through 3.0.6, you are potentially affected by this SSRF vulnerability. Upgrade to 3.0.7 to mitigate the risk.
How do I fix CVE-2026-44363 in MISP Modules?
The recommended fix is to upgrade MISP Modules to version 3.0.7 or later. As a temporary workaround, apply egress filtering (host firewall rules or a forward proxy) so the misp-modules host cannot reach internal address ranges, and consider disabling the affected modules until you can upgrade.
Is CVE-2026-44363 being actively exploited?
There is currently no public information indicating that CVE-2026-44363 is being actively exploited in the wild.
Where can I find the official MISP advisory for CVE-2026-44363?
Refer to the official MISP security advisories on the MISP website for the most up-to-date information regarding CVE-2026-44363 and related updates.