Auth bypass in Misp
CVE-2026-60125
MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules(). As a result, an authenticated user from a…
Vulnerability class: Broken Access Control
Affected products
- Misp — versions 0