A vulnerability identified as problematic has been detected in MISP up to 2.5.39 . This vulnerability affects the function setSettingInternal of the file app/View/News/index.ctp of the component setHomePage Endpoint . This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-54393 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.