High severity7.2OSV Advisory· Published Feb 12, 2018· Updated Jun 22, 2026
CVE-2018-6926
CVE-2018-6926
Description
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/MISP/MISP/commit/0a2aa9d52492d960b9a161160acedbe9caaa4126nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.