Authorization Bypass in MISP EventsController for Event Data Modification
CVE-2026-60124
5.3MEDIUM
What is CVE-2026-60124?
A security vulnerability in MISP's EventsController allows authenticated users and read-only API keys to modify event data, potentially jeopardizing the integrity of MISP event content. Specifically, the import module did not check for proper event modification rights before saving outputs in the misp_standard format. As a result, users with restricted access could inject or alter event data, leading to unauthorized changes. This issue has been mitigated by implementing necessary checks to validate user permissions before processing imports, ensuring that only authorized personnel can modify event information.
Affected Version(s)
misp 0 <= 2.5.42
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sami Mokaddem
Berk Polat
Claude Opus 4.8 (1M context) aka Claudy
