CVE-2026-42543
MediumCVSS 4.3Summary
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server.
Risk Assessment
An attacker could exploit this vulnerability to make unauthorized changes to the system, potentially leading to serious data security consequences.
Recommendation
It is recommended to upgrade to version 2.4.28 or later to patch this vulnerability.
Original NVD description (English source)
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server. Version 2.4.28 contains a patch.

