CVE-2026-41522 – Iris has an Improper Authorization issue

CVE ID :CVE-2026-41522

Published : June 4, 2026, 8:16 p.m. | 16 minutes ago

Description :Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql` that does not enforce the same authorization checks as the REST API. Any authenticated user can abuse it in three ways: unauthorized IOC read across cases (IDOR), bulk IOC disclosure via `case.iocs`. The `case(caseId: …).iocs` resolver returns IOCs linked to an arbitrary case without verifying the caller has access to that case, and unauthorized case creation. All three are reachable by any authenticated user, regardless of role or case ACL. This is fixed in v2.4.28. The GraphQL blueprint, resolvers, and dependencies (`graphene`, `graphene-sqlalchemy`, `graphql-server[flask]`) were removed entirely, since the feature was not in use. As a workaround, block `/graphql` at the reverse proxy (recommended) or comment out the `graphql_blueprint` import and `register_blueprint` call in `source/app/views.py` and restart.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-5589 – Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.

CVE-2026-41518 – Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

CVE-2026-41249 – CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CVE-2026-21404 – NAVTOR NavBox Use of Hard-coded Credentials