CVE-2026-44363

Name of the Vulnerable Software and Affected Versions MISP Modules versions prior to 3.0.7

Description Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTP(S) URLs without sufficient validation, enabling Server-Side Request Forgery (SSRF)—a technique where an attacker forces a server to make requests to an unintended location—against loopback, private, or link-local network resources. Furthermore, the qrcode module disables TLS certificate verification when retrieving remote images, which exposes requests to man-in-the-middle interception or response tampering.

Recommendations Update to version 3.0.7.