A vulnerability identified as critical has been detected in MISP up to 2.5.38 . This impacts the function UsersController::edit . This manipulation of the argument User.id causes improper privilege management. This vulnerability is tracked as CVE-2026-10868 . The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.