Security Risk Severity

Medium Security Risks

Published vulnerability pages grouped by medium severity. Use this page to review risks that need similar prioritization.

Medium severity

Showing 2 of 2 published risks.

medium

aerostack-mcp WhatsApp Media URL SSRF Vulnerability

A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aaf743f88d91347115e09ba23. Affected by this issue is the function upload_media of the component mcp-whatsapp. Such manipulation of the argument media_url leads to server-side request forgery. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-15189mcpssrfaerostack-mcp

Updated Jul 9, 2026

medium

MISP Attribute Sharing Group Authorization Bypass Vulnerability

An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing_group_id without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly set to 4 — “sharing group”. As a result, a user could reference or associate an attribute with a sharing group they were not authorized to use. This could lead to an access-control bypass affecting the integrity of attribute sharing metadata and potentially expose or misuse restricted sharing group relationships. The patch changes the authorization logic so that the sharing group permission check is performed whenever a non-empty sharing_group_id is provided, regardless of the selected distribution value.

CVE-2026-61474misp

Updated Jul 9, 2026