Skip to main content

MISP EUVDEUVD-2026-42239

| CVE-2026-60124 MEDIUM
Missing Authorization (CWE-862)
2026-07-08 5a6e4751-2f3f-4070-9419-94fb35b644e8 GHSA-frwx-j879-pmqv
5.3
CVSS 4.0 · Vendor: 5a6e4751-2f3f-4070-9419-94fb35b644e8
Share

Severity by source

Vendor (5a6e4751-2f3f-4070-9419-94fb35b644e8) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

Low-privilege authentication required (read-only API key); no scope change; impact limited to event data integrity with no confidentiality or availability loss.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Primary rating from Vendor (5a6e4751-2f3f-4070-9419-94fb35b644e8).

CVSS VectorVendor: 5a6e4751-2f3f-4070-9419-94fb35b644e8

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 15:22 vuln.today

DescriptionCVE.org

An authorization bypass in MISP’s EventsController::importModule() allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the misp_standard format, the write path did not verify event modification rights before saving the module output. This could allow a view-only user to inject or alter event data, impacting the integrity of MISP event content. The issue was fixed by enforcing the same modification-rights check used by related module result handling paths before processing misp_standard imports.

AnalysisAI

Authorization bypass in MISP's EventsController::importModule() allows authenticated users or read-only API key holders with event view access to persist unauthorized data modifications to events. When an import module returns results in the misp_standard format, the write path skips the modification-rights check applied by all other module result handling paths, allowing a view-only principal to inject or overwrite event content they have no permission to edit. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain read-only API key or session
Delivery
Invoke EventsController::importModule() on target event
Exploit
Return misp_standard-format results from import module
Execution
Write path skips modification-rights check
Persist
Unauthorized event data persisted
Impact
Threat intelligence integrity compromised

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session or a valid read-only API key with event view access on the target MISP instance - unauthenticated access is insufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.3 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N) accurately reflects a medium-severity integrity-only flaw requiring low-privilege authentication. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a legitimate read-only API key - obtained through standard registration, credential theft, or insider access - authenticates to a MISP instance and invokes an import module that returns results in the misp_standard format. Because the write path does not verify modification rights for this format, the module output is persisted to the target event, allowing the attacker to inject false indicators, alter existing threat intelligence entries, or corrupt event metadata on events they have no write permission to modify.
Remediation Update MISP to a version incorporating commit d0725fc34fda256cc57e5a8f0543cd541033e008 - the exact first patched release tag is not independently confirmed from available data, so administrators should verify against the MISP release changelog and upgrade to the latest available release beyond 2.5.42. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42239 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy