{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-54358/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-12T19:34:49.259Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-54358","@id":"https://www.cve.org/CVERecord?id=CVE-2026-54358","description":"An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as init"},"products":[{"@id":"cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 2.5.40.","timestamp":"2026-06-12T19:34:49.259Z"}]}