CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports
An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...