Auth bypass in Misp

CVE-2026-60124

An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results i…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References