CVE•Published 2026-04-09•Modified 2026-06-22•1 article on news•5 live references•NVD data

CVE-2026-39962Misp-project · Misp

Vulnerability data via NVD (ingested)

CVSS v3.1

9.6

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS percentile

Exploit Prediction Scoring System · top 74% of all CVEs

Weaknesses (CWE)

CWE-90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Description

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.

Timeline

Published 2026-04-09

Modified 2026-06-22

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-39962

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Misp-project Misp"

All exposed Misp-project Misp instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Misp"

HTTP body or banner mentions "Misp" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2026-39962