CVE-2026-8080

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.37

Description A stored cross-site scripting issue exists in the template element attribute handling logic. The application fails to validate arbitrary values for the TemplateElementAttribute type and category fields against known attribute type and category definitions. This allows an attacker with permissions to create or modify template element attributes to store a crafted type value. This issue specifically affects the old templating engine, which is no longer accessible in version 2.5.37 and is scheduled for removal in version 2.5.38.

Recommendations Update to version 2.5.37 or later.