PT-2026-40808 · Misp · Misp

Published: 2026-05-13 · Updated: 2026-05-13 · CVE-2026-44380

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

MISP versions prior to 2.5.37

Description

Improper access control in the authentication key reset functionality allows an authenticated organization administrator to reset authentication keys of site administrator accounts within the same organization. Since non-site administrators are not explicitly restricted from this action, an attacker with organization administrator privileges can obtain a newly generated authentication key for a higher-privileged account to escalate privileges.

Recommendations

Update to version 2.5.37.
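
The authorization gap in the description, modelled as an added example (not MISP's code and not the project's actual fix): a reset rule that checks only organization scope, the same rule with an explicit deny for site administrator targets, and an audit helper that lists which account pairs the first rule exposes. The role names, the `Account` fields, the rule that regular users may reset only their own key, and the sample accounts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical role model for illustration; not MISP's schema or code.
SITE_ADMIN, ORG_ADMIN, USER = "site_admin", "org_admin", "user"

@dataclass(frozen=True)
class Account:
    email: str
    org: str
    role: str

def may_reset_flawed(actor: Account, target: Account) -> bool:
    """Pattern from the description: scope is checked, target privilege is not."""
    if actor.role == SITE_ADMIN:
        return True
    if actor.role == ORG_ADMIN:
        return actor.org == target.org  # a site admin in the same org passes
    return actor.email == target.email  # assumed: regular users, own key only

def may_reset_fixed(actor: Account, target: Account) -> bool:
    """Same rule plus an explicit deny when a non-site-admin targets a site admin."""
    if actor.role != SITE_ADMIN and target.role == SITE_ADMIN:
        return False
    return may_reset_flawed(actor, target)

def exposed_pairs(accounts):
    """Return (actor, target) e-mail pairs allowed by the flawed rule but
    denied by the fixed one: the accounts to review until the update is applied."""
    return sorted(
        (a.email, t.email)
        for a in accounts for t in accounts
        if a != t and may_reset_flawed(a, t) and not may_reset_fixed(a, t)
    )

# Constructed sample data.
ACCOUNTS = [
    Account("root@example.org", "HQ", SITE_ADMIN),
    Account("orgadmin@example.org", "HQ", ORG_ADMIN),
    Account("analyst@example.org", "HQ", USER),
    Account("partner-admin@example.net", "Partner", ORG_ADMIN),
]

if __name__ == "__main__":
    for actor, target in exposed_pairs(ACCOUNTS):
        print(f"{actor} can reset the auth key of site admin {target}")
```

Only organization administrators that share an organization with a site administrator appear in the output; the administrator of the separate organization does not.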

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2026-44380

Affected Products

Misp