{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39962", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-07T22:40:33.822Z", "datePublished": "2026-04-09T16:37:38.880Z", "dateUpdated": "2026-04-09T16:37:38.880Z"}, "containers": {"cna": {"title": "LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable", "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "lang": "en", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63"}, {"name": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10", "tags": ["x_refsource_MISC"], "url": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10"}, {"name": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32", "tags": ["x_refsource_MISC"], "url": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32"}, {"name": "https://github.com/MISP/MISP/releases/tag/v2.5.36", "tags": ["x_refsource_MISC"], "url": "https://github.com/MISP/MISP/releases/tag/v2.5.36"}], "affected": [{"vendor": "MISP", "product": "MISP", "versions": [{"version": "< 2.5.36", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T16:37:38.880Z"}, "descriptions": [{"lang": "en", "value": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36."}], "source": {"advisory": "GHSA-mc53-48w8-9g63", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36."}], "id": "CVE-2026-39962", "lastModified": "2026-04-09T17:16:30.600", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T17:16:30.600", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10"}, {"source": "security-advisories@github.com", "url": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32"}, {"source": "security-advisories@github.com", "url": "https://github.com/MISP/MISP/releases/tag/v2.5.36"}, {"source": "security-advisories@github.com", "url": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-90"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.36)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MISP", "source": "cna", "vendor": "MISP"}, "product": "misp", "vendor": "misp"}], "analysis": {"en": {"generated_at": "2026-04-09T18:23:44.631527+00:00", "value": {"mitigation_remediation": ["Upgrade MISP to version 2.5.36 or later. ", "Configure ApacheAuthenticate.apacheEnv to use the immutable REMOTE_USER variable and avoid user-controllable variables. ", "Monitor HTTP environment variables for unexpected values and audit LDAP query logs for anomalies."], "summary": {"action": "Immediate Patch", "impact": "LDAP injection that may bypass authentication or perform unauthorized LDAP queries"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the MISP threat intelligence platform. Versions prior to 2.5.36 of MISP are impacted. The issue arises in the ApacheAuthenticate component when ApacheAuthenticate.apacheEnv is configured to use a user\u2011controlled environment variable instead of the default REMOTE_USER used in typical proxy setups.", "description_and_impact": "A false LDAP search filter can be constructed when a user-controlled Apache environment variable is used to supply the username. The resulting injection could bypass authentication checks or retrieve sensitive LDAP information. The weakness is a classic LDAP injection, identified as CWE\u201190, resulting in potential loss of confidentiality or integrity for data stored in the directory.", "risk_and_exploitability": "The CVSS score of 8.8 classifies this flaw as high. Although an EPSS score is not available, the attack vector is clearly external: an attacker who can control the specified Apache variable may influence the LDAP query. Because the vulnerability is not listed in the CISA KEV catalog, no public exploit is known, but the high severity and external nature warrant immediate attention."}}}}, "created": "2026-04-10T08:52:56.960627+00:00", "updated": "2026-04-10T09:32:08.876142+00:00", "vendors": ["misp", "misp$PRODUCT$misp"]}