PT-2026-38309 · Unknown · Misp-Modules

Published 2026-05-06 · Updated 2026-05-13 · CVE-2026-44364

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

MISP modules versions 3.0.7 and earlier

Description

A Cross-Site Request Forgery (CSRF) issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs because the home blueprint is exempted from CSRF protection, potentially enabling the modification of session query data within the authenticated user's context.

Recommendations

Update to a version later than 3.0.7 to enable CSRF protection for the affected blueprint and implement hardened query parsing.
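
To check a code base for the pattern described above (a blueprint or view exempted from CSRF protection), the added example below walks Python source with `ast` and reports every `.exempt` call or decorator. It is not code from MISP Modules; it assumes the application uses Flask-WTF's `CSRFProtect`, and the sample source and its names (`home_blueprint`, `account_blueprint`, `webhook`) are constructed for illustration.

```python
import ast

# Constructed sample modelled on the advisory's description; not MISP Modules source.
# Assumption: the application protects forms with Flask-WTF's CSRFProtect.
SAMPLE_APP = '''
from flask import Flask, Blueprint
from flask_wtf.csrf import CSRFProtect

app = Flask(__name__)
csrf = CSRFProtect(app)
home_blueprint = Blueprint("home", __name__)
account_blueprint = Blueprint("account", __name__)

csrf.exempt(home_blueprint)          # whole blueprint loses CSRF checks

@account_blueprint.route("/webhook", methods=["POST"])
@csrf.exempt                         # single view exempted
def webhook():
    return "ok"
'''


def _is_exempt(node):
    """True for an attribute reference of the form <something>.exempt."""
    return isinstance(node, ast.Attribute) and node.attr == "exempt"


def find_csrf_exemptions(source):
    """Return sorted (line, kind, target) tuples for every CSRF exemption found."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Call form: csrf.exempt(home_blueprint)
        if isinstance(node, ast.Call) and _is_exempt(node.func) and node.args:
            findings.append((node.lineno, "call", ast.unparse(node.args[0])))
        # Decorator form: @csrf.exempt above a view function
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for dec in node.decorator_list:
                if _is_exempt(dec):
                    findings.append((dec.lineno, "decorator", node.name))
    return sorted(findings)


if __name__ == "__main__":
    for line, kind, target in find_csrf_exemptions(SAMPLE_APP):
        print(f"line {line}: CSRF exemption ({kind}) on {target}")
```

Each finding is a review prompt rather than a verdict: an exemption is only acceptable where the route authenticates requests by some other means and changes no session state.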

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-44364
GHSA-J4RH-7JCR-QM69

Affected Products

Misp-Modules