A vulnerability was found in MISP up to 2.5.41 and classified as critical . This issue affects the function EventReportsController::deleteSelection relied . The manipulation of the argument User results in missing authorization. This vulnerability is cataloged as CVE-2026-56423 . The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.