Access Control Vulnerability in MISP Affecting Import Module Functionality
CVE-2026-60125
5.3MEDIUM
What is CVE-2026-60125?
The MISP platform has a vulnerability in its import module management due to improper enforcement of module restrictions based on user organization. Authenticated users from organizations without permission to use certain import modules can still invoke these restricted modules, provided they know the specific module names. This breach could lead to unauthorized access and possible manipulation of event data, thereby compromising the integrity of the system's security protocols.
Affected Version(s)
misp 0 <= 2.5.42
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sami Mokaddem
Berk Polat
Claude Opus 4.8 (1M context) aka Claudy
