A vulnerability classified as problematic has been found in MISP up to 2.5.38 . This issue affects the function UsersController::routeafterlogin . The manipulation of the argument pre_login_requested_url leads to open redirect. This vulnerability is traded as CVE-2026-10861 . It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.