Misp · Misp · CVE-2026-8080
**Name of the Vulnerable Software and Affected Versions**
MISP versions prior to 2.5.37
**Description**
A stored cross-site scripting issue exists in the template element attribute handling logic. The application fails to validate arbitrary values for the `TemplateElementAttribute` type and category fields against known attribute type and category definitions. This allows an attacker with permissions to create or modify template element attributes to store a crafted type value. This issue specifically affects the old templating engine, which is no longer accessible in version 2.5.37 and is scheduled for removal in version 2.5.38.
**Recommendations**
Update to version 2.5.37 or later.