CRITICALCVE-2026-44364CVSS 9.5

CVE-2026-44364: CSRF in MISP Modules Website

Q: What is CVE-2026-44364 — CSRF in misp-modules?

It's a Cross-Site Request Forgery (CSRF) vulnerability in MISP Modules versions up to 3.0.7, allowing attackers to forge requests as authenticated users.

Q: Am I affected by CVE-2026-44364 in misp-modules?

If you are using MISP Modules version 3.0.7 or earlier, you are potentially affected and should prioritize patching.

Q: How do I fix CVE-2026-44364 in misp-modules?

Upgrade to a patched version of MISP Modules where the CSRF protection has been enabled. If upgrading isn't possible, implement temporary workarounds like restricting access to the 'home' endpoint.

Q: Is CVE-2026-44364 being actively exploited?

While no public POCs are currently available, the high CVSS score suggests exploitation is possible and warrants monitoring.

Q: Where can I find the official misp-modules advisory for CVE-2026-44364?

Refer to the MISP Modules security advisories and the NVD entry for CVE-2026-44364 for detailed information.

Platform

php

Component

misp-modules

Fixed in

3.0.8

View on NVD

Save

CVE-2026-44364 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the MISP Modules website. An attacker could leverage this flaw to trick authenticated users into unknowingly submitting malicious requests, leading to unauthorized modifications. This vulnerability affects versions of MISP Modules up to and including 3.0.7, and has been resolved by implementing CSRF protection for the affected blueprint.

Impact and Attack Scenarios

The primary impact of CVE-2026-44364 lies in the potential for unauthorized modification of session query data. An attacker could craft a malicious request, disguised as a legitimate action from an authenticated user, to alter this data. This could lead to a variety of consequences, depending on the nature of the session query data and how it's used by the MISP Modules system. For example, an attacker might be able to manipulate search queries, alter reporting parameters, or even modify user configurations. The ability to modify session data elevates the risk of data breaches and system compromise, particularly if the affected user possesses elevated privileges within the MISP environment. While the vulnerability targets the 'home' endpoint, the potential for cascading effects through related modules and integrations should be considered.

Exploitation Context

CVE-2026-44364 was reported by Bilal Teke on 2026-05-06. The vulnerability's CVSS score of 9.5 (CRITICAL) indicates a high level of severity. Public proof-of-concept (POC) code is currently unavailable, but the relatively high CVSS score suggests that exploitation is likely possible. The vulnerability is not currently listed on KEV or EPSS, but given its critical severity and the potential for session manipulation, it warrants close monitoring. Refer to the MISP Modules security advisories for further details and updates.

Affected Software

Componentmisp-modules

VendorMISP

Minimum version3.0.0

Maximum version<= 3.0.7

Fixed in3.0.8

Weakness Classification (CWE)

CWE-352

Timeline

Reserved2026-05-05
Published2026-05-13

Mitigation and Workarounds

The recommended mitigation for CVE-2026-44364 is to immediately upgrade MISP Modules to a patched version where the vulnerability has been addressed. The fix involves enabling CSRF protection for the blueprint that was previously exempted. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the 'home' endpoint or implementing stricter input validation on session query parameters. While not a complete solution, these measures can reduce the attack surface. Monitor web application firewalls (WAFs) for suspicious requests targeting the 'home' endpoint. After upgrading, confirm the fix by attempting to submit a crafted CSRF request and verifying that it is blocked by the implemented CSRF protection.

How to fix

Actualice el módulo misp-modules a la versión 3.0.8 o superior para habilitar la protección CSRF en el blueprint del inicio y endurecer el análisis de consultas, mitigando así el riesgo de Cross-Site Request Forgery.

Frequently asked questions

What is CVE-2026-44364 — CSRF in misp-modules?

It's a Cross-Site Request Forgery (CSRF) vulnerability in MISP Modules versions up to 3.0.7, allowing attackers to forge requests as authenticated users.

Am I affected by CVE-2026-44364 in misp-modules?

If you are using MISP Modules version 3.0.7 or earlier, you are potentially affected and should prioritize patching.

How do I fix CVE-2026-44364 in misp-modules?

Upgrade to a patched version of MISP Modules where the CSRF protection has been enabled. If upgrading isn't possible, implement temporary workarounds like restricting access to the 'home' endpoint.

Is CVE-2026-44364 being actively exploited?

While no public POCs are currently available, the high CVSS score suggests exploitation is possible and warrants monitoring.

Where can I find the official misp-modules advisory for CVE-2026-44364?

Refer to the MISP Modules security advisories and the NVD entry for CVE-2026-44364 for detailed information.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free Search CVEs

livefree scan

Try it now — no account

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

Manual scanSlack/email alertsContinuous monitoringWhite-label reports

Drag & drop your dependency file

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Browse files