Auth bypass in Misp

CVE-2026-60125

MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules(). As a result, an authenticated user from a…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References