
CVE-2026-44363: SSRF in MISP Modules Expansion

Platform: python

Component: misp-modules

Fixed in: 3.0.7

CVE-2026-44363 describes an unsafe remote resource fetching vulnerability found within the MISP Modules expansion for the MISP platform. This flaw allows attackers to potentially perform Server-Side Request Forgery (SSRF), enabling them to access internal network resources. The vulnerability impacts MISP installations using versions up to 3.0.7, and a fix has been implemented by enhancing URL validation and restricting access to sensitive network ranges.


Impact and attack scenarios

The SSRF vulnerability in MISP Modules allows an attacker to craft malicious requests that originate from the MISP server itself. This bypasses typical network security controls, as the request appears to come from a trusted internal source. Specifically, the htmltomarkdown module's lack of URL validation permits requests to arbitrary HTTP(S) URLs, including those within loopback, private, or link-local network ranges. This could expose sensitive data residing on internal servers, such as configuration files, databases, or internal web applications. The qrcode module's disabled TLS certificate verification further exacerbates the risk, opening the door to man-in-the-middle attacks where an attacker can intercept and tamper with responses. Successful exploitation could lead to unauthorized access to internal systems and data, potentially compromising the entire MISP deployment and connected network segments.

Exploitation context

CVE-2026-44363 was published on 2026-05-06. The EPSS score is pending evaluation, so the likelihood of exploitation is currently unknown. No public Proof-of-Concept (PoC) exploit had been disclosed at the time of writing. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.

Threat intelligence

Exploit status

Proof of concept: Unknown
CISA KEV: No

CISA SSVC

Exploitation: none
Automatable: no
Technical impact: partial

Affected software

Component: misp-modules
Vendor: MISP
Minimum version: 3.0.0
Maximum version: < 3.0.7
Fixed in: 3.0.7


Mitigation and workarounds

To mitigate CVE-2026-44363, upgrading to a patched version of MISP Modules is the primary recommendation. The fix involves rigorous URL scheme validation, blocking access to local and private address ranges, and resolving hostnames before fetching resources. If immediate upgrading is not feasible, consider implementing temporary workarounds. Restrict network access to the MISP server to only necessary resources. Implement a Web Application Firewall (WAF) or proxy with SSRF protection rules to filter out malicious requests. Carefully review and restrict the URLs that the htmltomarkdown module is allowed to access. After upgrading, confirm the fix by attempting to access a known internal resource via the htmltomarkdown module; the request should be blocked.

How to fix

Upgrade the MISP module to version 3.0.7 or later to mitigate the vulnerability. This version includes URL validation, blocking of local and private addresses, hostname resolution before fetching, request timeouts, and re-enabled TLS certificate verification.

Frequently asked questions

What is CVE-2026-44363 in misp-modules?

It's a Server-Side Request Forgery (SSRF) vulnerability in the MISP Modules expansion, allowing attackers to access internal resources from the MISP server.

Am I affected by CVE-2026-44363 in misp-modules?

If you are using MISP Modules version 3.0.7 or earlier, you are potentially affected by this vulnerability. Check your MISP version immediately.

How do I fix CVE-2026-44363 in misp-modules?

Upgrade to a patched version of MISP Modules that includes the URL validation and access restriction fixes. Consider temporary workarounds like WAF rules if an immediate upgrade isn't possible.

Is CVE-2026-44363 being actively exploited?

No public exploits are currently known, and it's not listed on CISA KEV. However, SSRF vulnerabilities are often targeted, so vigilance is important.

Where can I find the official misp-modules advisory for CVE-2026-44363?

Refer to the MISP security advisories and the official CVE entry for detailed information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44363
