CVE-2026-62143
MISP · misp-modules
A Server-Side Request Forgery (SSRF) protection bypass exists in the html_to_markdown expansion module of misp-modules, allowing authenticated users to perform unauthorized network requests.
Executive summary
An SSRF vulnerability in the misp-modules expansion component allows authenticated attackers to bypass security controls and potentially probe internal network resources.
Vulnerability
This is a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) within the html_to_markdown module. The application fails to adequately sanitize input, allowing an authenticated user with low privileges to force the server to make unauthorized requests to internal or external infrastructure.
Business impact
With a CVSS score of 8.3, this flaw enables attackers to bypass network perimeters, potentially exposing sensitive internal services or data that are not intended for public access. In a security platform like MISP, this could lead to the exposure of threat intelligence feeds or internal API credentials.
Remediation
Immediate Action: Upgrade misp-modules to a version beyond v3.0.8 or apply the fix provided in the referenced GitHub commit (3bae4108a3ba1e507727d5264697fd7303ba0b89).
Proactive Monitoring: Audit application logs for unusual outbound connection requests originating from the MISP server, particularly those targeting internal IP ranges.
Compensating Controls: Implement strict egress filtering on the MISP server to prevent it from initiating connections to unauthorized internal or sensitive external endpoints.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Administrators must prioritize this update as it involves the core threat-sharing infrastructure. Ensure that all module dependencies are updated and verify the integrity of the html_to_markdown module configuration post-patch.