What is GHSA-5895-8h7c-2833?

GHSA-5895-8h7c-2833 is a security advisory published by GitHub Security Advisories with Medium severity. MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing...

Which CVE IDs does GHSA-5895-8h7c-2833 cover?

GHSA-5895-8h7c-2833 covers the following CVE IDs: CVE-2026-9084. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-5895-8h7c-2833Medium

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-9084 →

📋 Description

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid OIDC token could assert a victim’s email address and authenticate as that user, leading to account takeover.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-9084
https://github.com/MISP/MISP/commit/71f5662c1b5886613d2cd5c72fd93bb4ca6fa172
https://github.com/advisories/GHSA-5895-8h7c-2833