CVE-2026-44364: CSRF in MISP Modules Website

The primary impact of CVE-2026-44364 lies in the potential for unauthorized modification of session query data. An attacker could craft a malicious request, disguised as a legitimate action from an authenticated user, to alter this data. This could lead to a variety of consequences, depending on the nature of the session query data and how it's used by the MISP Modules system. For example, an attacker might be able to manipulate search queries, alter reporting parameters, or even modify user configurations. The ability to modify session data elevates the risk of data breaches and system compromise, particularly if the affected user possesses elevated privileges within the MISP environment. While the vulnerability targets the 'home' endpoint, the potential for cascading effects through related modules and integrations should be considered.

1. 已保留2026-05-05
2. 发布日期2026-05-13

The recommended mitigation for CVE-2026-44364 is to immediately upgrade MISP Modules to a patched version where the vulnerability has been addressed. The fix involves enabling CSRF protection for the blueprint that was previously exempted. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the 'home' endpoint or implementing stricter input validation on session query parameters. While not a complete solution, these measures can reduce the attack surface. Monitor web application firewalls (WAFs) for suspicious requests targeting the 'home' endpoint. After upgrading, confirm the fix by attempting to submit a crafted CSRF request and verifying that it is blocked by the implemented CSRF protection.