Access Control Vulnerability in MISP Affecting Import Module Functionality
CVE-2026-60125

5.3MEDIUM

Key Information:

Vendor

Misp

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-60125?

The MISP platform has a vulnerability in its import module management due to improper enforcement of module restrictions based on user organization. Authenticated users from organizations without permission to use certain import modules can still invoke these restricted modules, provided they know the specific module names. This breach could lead to unauthorized access and possible manipulation of event data, thereby compromising the integrity of the system's security protocols.

Affected Version(s)

misp 0 <= 2.5.42

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sami Mokaddem
Berk Polat
Claude Opus 4.8 (1M context) aka Claudy
.