🔐 CVE Alert

CVE-2026-60124

UNKNOWN 0.0

MISP importModule missing authorization allows read-only users to modify events via misp_standard imports

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the misp_standard format, the write path did not verify event modification rights before saving the module output. This could allow a view-only user to inject or alter event data, impacting the integrity of MISP event content. The issue was fixed by enforcing the same modification-rights check used by related module result handling paths before processing misp_standard imports.

CWE CWE-862
Vendor misp
Product misp
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for misp misp

Be the first to know when new unknown vulnerabilities affecting misp misp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

misp / misp
0 ≤ 2.5.42

References

NVD ↗ CVE.org ↗ EPSS Data ↗
github.com: https://github.com/MISP/MISP/commit/d0725fc34fda256cc57e5a8f0543cd541033e008

Credits

Sami Mokaddem Berk Polat Claude Opus 4.8 (1M context) aka Claudy