Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-56446
Analyzed
More InfoOfficial Page
Source-5a6e4751-2f3f-4070-9419-94fb35b644e8
View Known Exploited Vulnerability (KEV) details
Published At-22 Jun, 2026 | 14:17
Updated At-23 Jun, 2026 | 14:15

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a web-accessible directory and inject PHP code through logged data. Accessing the resulting file could lead to remote code execution with the privileges of the web server process. The fix restricts log destinations to existing directories beneath APP/tmp/logs or /var/log, requires absolute paths, rejects stream wrappers and traversal-related input, and limits filenames to .log or .ndjson extensions while disallowing executable extension segments.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
misp-project
misp-project
>>misp>>Versions before 2.5.42(exclusive)
cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Secondary5a6e4751-2f3f-4070-9419-94fb35b644e8
CWE ID: CWE-94
Type: Secondary
Source: 5a6e4751-2f3f-4070-9419-94fb35b644e8
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/MISP/MISP/commit/9600d486ccfc98388e13897fd954350cebac5fb05a6e4751-2f3f-4070-9419-94fb35b644e8
Patch
Hyperlink: https://github.com/MISP/MISP/commit/9600d486ccfc98388e13897fd954350cebac5fb0
Source: 5a6e4751-2f3f-4070-9419-94fb35b644e8
Resource:
Patch
Change History
0Changes found
Details not found