Auth bypass in Misp
CVE-2026-60124
An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results i…
Vulnerability class: Broken Access Control
Affected products
- Misp — versions 0