A vulnerability has been found in MISP up to 2.5.39 and classified as problematic . This affects the function json_encode of the component JavaScript Handler . This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-54395 . The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.