CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-56446

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a web-accessible directory and inject PHP code through logged data. Accessing the resulting file could lead to remote code execution with the privileges of the web server process. The fix restricts log destinations to existing directories beneath APP/tmp/logs or /var/log, requires absolute paths, rejects stream wrappers and traversal-related input, and limits filenames to .log or .ndjson extensions while disallowing executable extension segments.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 22.2%

CVSS Severity

CVSS v3 Score 7.2

References

https://github.com/MISP/MISP/commit/9600d486ccfc98388e13897fd954350cebac5fb0

Products affected by CVE-2026-56446

Misp-Project » Misp » Version: N/A

cpe:2.3:a:misp-project:misp:-
Misp-Project » Misp » Version: 0.1

cpe:2.3:a:misp-project:misp:0.1
Misp-Project » Misp » Version: 0.2

cpe:2.3:a:misp-project:misp:0.2
Misp-Project » Misp » Version: 2.1

cpe:2.3:a:misp-project:misp:2.1
Misp-Project » Misp » Version: 2.1.18

cpe:2.3:a:misp-project:misp:2.1.18
Misp-Project » Misp » Version: 2.2.1

cpe:2.3:a:misp-project:misp:2.2.1
Misp-Project » Misp » Version: 2.2.2

cpe:2.3:a:misp-project:misp:2.2.2
Misp-Project » Misp » Version: 2.3.0

cpe:2.3:a:misp-project:misp:2.3.0
Misp-Project » Misp » Version: 2.3.100

cpe:2.3:a:misp-project:misp:2.3.100
Misp-Project » Misp » Version: 2.3.101

cpe:2.3:a:misp-project:misp:2.3.101
Misp-Project » Misp » Version: 2.3.102

cpe:2.3:a:misp-project:misp:2.3.102
Misp-Project » Misp » Version: 2.3.103

cpe:2.3:a:misp-project:misp:2.3.103
Misp-Project » Misp » Version: 2.3.104

cpe:2.3:a:misp-project:misp:2.3.104
Misp-Project » Misp » Version: 2.3.105

cpe:2.3:a:misp-project:misp:2.3.105
Misp-Project » Misp » Version: 2.3.106

cpe:2.3:a:misp-project:misp:2.3.106
Misp-Project » Misp » Version: 2.3.14

cpe:2.3:a:misp-project:misp:2.3.14
Misp-Project » Misp » Version: 2.3.15

cpe:2.3:a:misp-project:misp:2.3.15
Misp-Project » Misp » Version: 2.3.16

cpe:2.3:a:misp-project:misp:2.3.16
Misp-Project » Misp » Version: 2.3.17

cpe:2.3:a:misp-project:misp:2.3.17
Misp-Project » Misp » Version: 2.3.18

cpe:2.3:a:misp-project:misp:2.3.18
Misp-Project » Misp » Version: 2.3.19

cpe:2.3:a:misp-project:misp:2.3.19
Misp-Project » Misp » Version: 2.3.20

cpe:2.3:a:misp-project:misp:2.3.20
Misp-Project » Misp » Version: 2.3.21

cpe:2.3:a:misp-project:misp:2.3.21
Misp-Project » Misp » Version: 2.3.22

cpe:2.3:a:misp-project:misp:2.3.22
Misp-Project » Misp » Version: 2.3.23

cpe:2.3:a:misp-project:misp:2.3.23
Misp-Project » Misp » Version: 2.3.24

cpe:2.3:a:misp-project:misp:2.3.24
Misp-Project » Misp » Version: 2.3.25

cpe:2.3:a:misp-project:misp:2.3.25
Misp-Project » Misp » Version: 2.3.26

cpe:2.3:a:misp-project:misp:2.3.26
Misp-Project » Misp » Version: 2.3.27

cpe:2.3:a:misp-project:misp:2.3.27
Misp-Project » Misp » Version: 2.3.28

cpe:2.3:a:misp-project:misp:2.3.28
Misp-Project » Misp » Version: 2.3.29

cpe:2.3:a:misp-project:misp:2.3.29
Misp-Project » Misp » Version: 2.3.30

cpe:2.3:a:misp-project:misp:2.3.30
Misp-Project » Misp » Version: 2.3.31

cpe:2.3:a:misp-project:misp:2.3.31
Misp-Project » Misp » Version: 2.3.32

cpe:2.3:a:misp-project:misp:2.3.32
Misp-Project » Misp » Version: 2.3.33

cpe:2.3:a:misp-project:misp:2.3.33
Misp-Project » Misp » Version: 2.3.34

cpe:2.3:a:misp-project:misp:2.3.34
Misp-Project » Misp » Version: 2.3.35

cpe:2.3:a:misp-project:misp:2.3.35
Misp-Project » Misp » Version: 2.3.36

cpe:2.3:a:misp-project:misp:2.3.36
Misp-Project » Misp » Version: 2.3.37

cpe:2.3:a:misp-project:misp:2.3.37
Misp-Project » Misp » Version: 2.3.38

cpe:2.3:a:misp-project:misp:2.3.38
Misp-Project » Misp » Version: 2.3.39

cpe:2.3:a:misp-project:misp:2.3.39
Misp-Project » Misp » Version: 2.3.40

cpe:2.3:a:misp-project:misp:2.3.40
Misp-Project » Misp » Version: 2.3.41

cpe:2.3:a:misp-project:misp:2.3.41
Misp-Project » Misp » Version: 2.3.42

cpe:2.3:a:misp-project:misp:2.3.42
Misp-Project » Misp » Version: 2.3.43

cpe:2.3:a:misp-project:misp:2.3.43
Misp-Project » Misp » Version: 2.3.44

cpe:2.3:a:misp-project:misp:2.3.44
Misp-Project » Misp » Version: 2.3.45

cpe:2.3:a:misp-project:misp:2.3.45
Misp-Project » Misp » Version: 2.3.46

cpe:2.3:a:misp-project:misp:2.3.46
Misp-Project » Misp » Version: 2.3.47

cpe:2.3:a:misp-project:misp:2.3.47
Misp-Project » Misp » Version: 2.3.48

cpe:2.3:a:misp-project:misp:2.3.48
Misp-Project » Misp » Version: 2.3.49

cpe:2.3:a:misp-project:misp:2.3.49
Misp-Project » Misp » Version: 2.3.50

cpe:2.3:a:misp-project:misp:2.3.50
Misp-Project » Misp » Version: 2.3.51

cpe:2.3:a:misp-project:misp:2.3.51
Misp-Project » Misp » Version: 2.3.52

cpe:2.3:a:misp-project:misp:2.3.52
Misp-Project » Misp » Version: 2.3.53

cpe:2.3:a:misp-project:misp:2.3.53
Misp-Project » Misp » Version: 2.3.54

cpe:2.3:a:misp-project:misp:2.3.54
Misp-Project » Misp » Version: 2.3.55

cpe:2.3:a:misp-project:misp:2.3.55
Misp-Project » Misp » Version: 2.3.56

cpe:2.3:a:misp-project:misp:2.3.56
Misp-Project » Misp » Version: 2.3.57

cpe:2.3:a:misp-project:misp:2.3.57
Misp-Project » Misp » Version: 2.3.58

cpe:2.3:a:misp-project:misp:2.3.58
Misp-Project » Misp » Version: 2.3.59

cpe:2.3:a:misp-project:misp:2.3.59
Misp-Project » Misp » Version: 2.3.60

cpe:2.3:a:misp-project:misp:2.3.60
Misp-Project » Misp » Version: 2.3.61

cpe:2.3:a:misp-project:misp:2.3.61
Misp-Project » Misp » Version: 2.3.62

cpe:2.3:a:misp-project:misp:2.3.62
Misp-Project » Misp » Version: 2.3.63

cpe:2.3:a:misp-project:misp:2.3.63
Misp-Project » Misp » Version: 2.3.64

cpe:2.3:a:misp-project:misp:2.3.64
Misp-Project » Misp » Version: 2.3.65

cpe:2.3:a:misp-project:misp:2.3.65
Misp-Project » Misp » Version: 2.3.66

cpe:2.3:a:misp-project:misp:2.3.66
Misp-Project » Misp » Version: 2.3.67

cpe:2.3:a:misp-project:misp:2.3.67
Misp-Project » Misp » Version: 2.3.68

cpe:2.3:a:misp-project:misp:2.3.68
Misp-Project » Misp » Version: 2.3.69

cpe:2.3:a:misp-project:misp:2.3.69
Misp-Project » Misp » Version: 2.3.70

cpe:2.3:a:misp-project:misp:2.3.70
Misp-Project » Misp » Version: 2.3.71

cpe:2.3:a:misp-project:misp:2.3.71
Misp-Project » Misp » Version: 2.3.72

cpe:2.3:a:misp-project:misp:2.3.72
Misp-Project » Misp » Version: 2.3.73

cpe:2.3:a:misp-project:misp:2.3.73
Misp-Project » Misp » Version: 2.3.74

cpe:2.3:a:misp-project:misp:2.3.74
Misp-Project » Misp » Version: 2.3.75

cpe:2.3:a:misp-project:misp:2.3.75
Misp-Project » Misp » Version: 2.3.76

cpe:2.3:a:misp-project:misp:2.3.76
Misp-Project » Misp » Version: 2.3.77

cpe:2.3:a:misp-project:misp:2.3.77
Misp-Project » Misp » Version: 2.3.78

cpe:2.3:a:misp-project:misp:2.3.78
Misp-Project » Misp » Version: 2.3.79

cpe:2.3:a:misp-project:misp:2.3.79
Misp-Project » Misp » Version: 2.3.80

cpe:2.3:a:misp-project:misp:2.3.80
Misp-Project » Misp » Version: 2.3.81

cpe:2.3:a:misp-project:misp:2.3.81
Misp-Project » Misp » Version: 2.3.82

cpe:2.3:a:misp-project:misp:2.3.82
Misp-Project » Misp » Version: 2.3.83

cpe:2.3:a:misp-project:misp:2.3.83
Misp-Project » Misp » Version: 2.3.84

cpe:2.3:a:misp-project:misp:2.3.84
Misp-Project » Misp » Version: 2.3.85

cpe:2.3:a:misp-project:misp:2.3.85
Misp-Project » Misp » Version: 2.3.87

cpe:2.3:a:misp-project:misp:2.3.87
Misp-Project » Misp » Version: 2.3.88

cpe:2.3:a:misp-project:misp:2.3.88
Misp-Project » Misp » Version: 2.3.89

cpe:2.3:a:misp-project:misp:2.3.89
Misp-Project » Misp » Version: 2.3.90

cpe:2.3:a:misp-project:misp:2.3.90
Misp-Project » Misp » Version: 2.3.91

cpe:2.3:a:misp-project:misp:2.3.91
Misp-Project » Misp » Version: 2.3.92

cpe:2.3:a:misp-project:misp:2.3.92
Misp-Project » Misp » Version: 2.3.93

cpe:2.3:a:misp-project:misp:2.3.93
Misp-Project » Misp » Version: 2.3.94

cpe:2.3:a:misp-project:misp:2.3.94
Misp-Project » Misp » Version: 2.3.95

cpe:2.3:a:misp-project:misp:2.3.95
Misp-Project » Misp » Version: 2.3.96

cpe:2.3:a:misp-project:misp:2.3.96
Misp-Project » Misp » Version: 2.3.97

cpe:2.3:a:misp-project:misp:2.3.97
Misp-Project » Misp » Version: 2.3.98

cpe:2.3:a:misp-project:misp:2.3.98
Misp-Project » Misp » Version: 2.3.99

cpe:2.3:a:misp-project:misp:2.3.99
Misp-Project » Misp » Version: 2.4.139

cpe:2.3:a:misp-project:misp:2.4.139
Misp-Project » Misp » Version: 2.4.167

cpe:2.3:a:misp-project:misp:2.4.167
Misp-Project » Misp » Version: 2.5.40

cpe:2.3:a:misp-project:misp:2.5.40
Misp-Project » Misp » Version: 2.5.41

cpe:2.3:a:misp-project:misp:2.5.41

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-56446

Products

Pricing

Contact Us