CVE-2026-42543 – IRIS has a Cross-Site Request Forgery (CSRF) issue

CVE ID :CVE-2026-42543

Published : June 4, 2026, 10:16 p.m. | 16 minutes ago

Description :IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server. Version 2.4.28 contains a patch.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…