CVEFinder.io

CVE-2026-44379

🔶 medium
Summary

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues or unexpected behaviour in code paths that assume Collection UUIDs are valid identifiers. This vulnerability is fixed in 2.5.37.

CVSS Score: 5.3 (Medium)
EPSS Score: 0.0 (Exploit Probability)
Published Date: 2026-05-13
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 327,350 vulnerabilities in our database.

#262,724
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: May 14, 2026)
🔍 Exploitation Status: None (No known exploits)
⚙️ Automatable: NO (Requires human interaction)
💥 Technical Impact: Partial (Limited system impact)
SSVC data provided by CISA
Last Modified: 2026-05-15
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Vector 4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 2

🔗 Related CVEs 6

CVE ID | Severity | CVSS | EPSS | Summary | Published
CVE-2026-10854 | 🔶 medium | 4.3 | 0.0 | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxi... | 2026-06-04
CVE-2026-10855 | 🔶 medium | 4.3 | 0.0 | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template i... | 2026-06-04
CVE-2026-10856 | 🔶 medium | 6.1 | 0.0 | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a loc... | 2026-06-04
CVE-2026-10861 | 🔶 medium | 6.1 | 0.0 | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_lo... | 2026-06-04
CVE-2026-10860 | 🔶 medium | 6.5 | 0.0 | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used th... | 2026-06-04
CVE-2026-10863 | ⚠️ high | 8.1 | 0.0 | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted fr... | 2026-06-04
These CVEs affect the same products