A vulnerability has been found in MISP up to 2.5.42 and classified as critical. The impacted element is an unknown function of the component Attribute Creation Endpoint. The manipulation of the argument sharing_group_id leads to improper authorization.

This vulnerability is traded as CVE-2026-61474. It is possible to initiate the attack remotely. There is no exploit available.