CVE-2026-62143

MISP · misp-modules

A Server-Side Request Forgery (SSRF) protection bypass exists in the html_to_markdown expansion module of misp-modules, allowing authenticated users to perform unauthorized network requests.

Executive summary

An SSRF vulnerability in the misp-modules expansion component allows authenticated attackers to bypass security controls and potentially probe internal network resources.

Vulnerability

This is a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) within the html_to_markdown module. The application fails to adequately sanitize input, allowing an authenticated user with low privileges to force the server to make unauthorized requests to internal or external infrastructure.

Business impact

With a CVSS score of 8.3, this flaw enables attackers to bypass network perimeters, potentially exposing sensitive internal services or data that are not intended for public access. In a security platform like MISP, this could lead to the exposure of threat intelligence feeds or internal API credentials.

Remediation

Immediate Action: Upgrade misp-modules to a version beyond v3.0.8 or apply the fix provided in the referenced GitHub commit (3bae4108a3ba1e507727d5264697fd7303ba0b89).

Proactive Monitoring: Audit application logs for unusual outbound connection requests originating from the MISP server, particularly those targeting internal IP ranges.

Compensating Controls: Implement strict egress filtering on the MISP server to prevent it from initiating connections to unauthorized internal or sensitive external endpoints.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Administrators must prioritize this update as it involves the core threat-sharing infrastructure. Ensure that all module dependencies are updated and verify the integrity of the html_to_markdown module configuration post-patch.