CVE Catalog

CVE-2026-42543

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server.

Risk Assessment

An attacker could exploit this vulnerability to make unauthorized changes to the system, potentially leading to serious data security consequences.

Recommendation

It is recommended to upgrade to version 2.4.28 or later to patch this vulnerability.

Original NVD description (English source)

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server. Version 2.4.28 contains a patch.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS