A vulnerability classified as critical has been found in MISP up to 2.5.41 . Affected is an unknown function of the file /tmp/logs of the component PHP File Handler . This manipulation causes code injection. The identification of this vulnerability is CVE-2026-56446 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.