CVE-2026-10856 — A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation r — CVE Database · The Intelligence Room