Cti Transmute
Monthly
Stored XSS in MISP CTI Transmute's notification bell dropdown allows an attacker who can control convert names to inject arbitrary JavaScript that executes in authenticated users' browsers upon opening the notification panel. The vulnerability, tracked as EUVD-2026-32728 and reported by CIRCL, stems from innerHTML-based rendering of user-controlled notification content in base.html and affects all versions prior to upstream commit cf42409 - critically, only on the development branch, not production releases. No public exploit has been identified at time of analysis; the CVSS 4.0 score of 6.3 with AT:P reflects that exploitation requires the attacker to first influence a convert name surfaced in a notification.
Stored XSS in MISP CTI Transmute's notification bell dropdown allows an attacker who can control convert names to inject arbitrary JavaScript that executes in authenticated users' browsers upon opening the notification panel. The vulnerability, tracked as EUVD-2026-32728 and reported by CIRCL, stems from innerHTML-based rendering of user-controlled notification content in base.html and affects all versions prior to upstream commit cf42409 - critically, only on the development branch, not production releases. No public exploit has been identified at time of analysis; the CVSS 4.0 score of 6.3 with AT:P reflects that exploitation requires the attacker to first influence a convert name surfaced in a notification.