CVE-2026-42543

Published: Jun 05, 2026 Last Modified: Jun 05, 2026
MEDIUM 4.3
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none

Description

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method `GET` to change state on the server. Version 2.4.28 contains a patch.

CWE-650: Trusting HTTP Permission Methods on the Server Side

Status: Incomplete
Common Consequences
Security Scopes Affected:
Access Control, Integrity, Confidentiality
Potential Impacts:
Gain Privileges Or Assume Identity, Modify Application Data, Read Application Data
Applicable Platforms
Technologies: Web Based, Web Server
http://www.openwall.com/lists/oss-security/2026/05/19/11
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m73w-v4r5-vw9m