Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-10611

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge. As a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code. The issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.

Ver en NVD

Análisis

Esta vulnerabilidad crítica en MISP permite a un atacante con credenciales primarias válidas evadir por completo el segundo factor de autenticación (OTP) en configuraciones con LDAP. Al aprovechar un fallo en el orden de los filtros de sesión, es posible acceder directamente a las rutas internas de la aplicación sin realizar la verificación de seguridad obligatoria. Con una puntuación CVSS de 10.0, representa un riesgo máximo para la integridad de las plataformas de inteligencia de amenazas.

Roles relevantes

PhpCyberSecurityBackendLinuxDocker

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-287NVD-CWE-noinfo

EPSS

Probabilidad de explotación (próx. 30 días): 0.0036 (0.4%)
Percentil: 27.6%
EPSS: 2026-06-15

Afecta

misp:misp

Descripción técnica

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge. As a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code. The issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.

Publicada: 2/6/2026, 14:16:44
Última modificación: 16/6/2026, 1:29:40

Referencias

InicioEventosBlogRecursosEquipo