CVE-2026-60125
Received Received - Intake

MISP Import Module Access Bypass via Module Name

Vulnerability report for CVE-2026-60125, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: 5a6e4751-2f3f-4070-9419-94fb35b644e8

Description

MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules(). As a result, an authenticated user from an organisation that was not allowed to use a module restricted via Plugin.Import_<module>_restrict could still invoke that import module directly if they knew its name. This could allow unauthorised access to restricted import-module functionality and, depending on the module and the user’s event permissions, may allow unauthorised import or modification of event data through a module that should have been unavailable to the user’s organisation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
misp misp to 0ed79b4d3177f4b9e44040962161a1a436d2587d (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in MISP's importModule() function, which uses getEnabledModule() to find a single import module by name. However, getEnabledModule() did not enforce the per-organization module restrictions that getEnabledModules() did. As a result, an authenticated user from an organization that was not allowed to use a restricted module could still directly invoke that module if they knew its name.

This means unauthorized users could access import modules that should have been restricted to their organization, potentially allowing them to import or modify event data through modules they should not have access to.

Compliance Impact

This vulnerability allows an authenticated user from one organisation to access import modules that are restricted to other organisations. Such unauthorized access could lead to unauthorized import or modification of event data.

Unauthorized access and modification of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Therefore, this vulnerability potentially undermines compliance with these standards by allowing data access and modification beyond permitted boundaries.

Impact Analysis

The vulnerability can lead to unauthorized access to restricted import-module functionality within MISP. Depending on the specific module and the user's event permissions, this could allow unauthorized import or modification of event data.

This unauthorized access undermines the intended access controls, potentially compromising the integrity and confidentiality of event data managed by the platform.

Mitigation Strategies

To mitigate this vulnerability, update the MISP software to include the fix that enforces per-organization module restrictions in the getEnabledModule() function.

The fix modifies getEnabledModule() to accept an optional user parameter and applies the canUse() check to prevent unauthorized access to restricted import modules.

Ensure that your MISP instance is running the version that includes this patch to prevent authenticated users from invoking import modules they are not authorized to use.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60125. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart