By weakness (CWE)
CWE-650: related vulnerabilities
CVEs classified under CWE-650. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-42543MEDIUM 4.3
IRIS, a web-based platform used by incident responders to collaborate and share technical details during investigations, contains a cross-site request forgery (CSRF) vulnerability in versions prior to 2.4.28. The vulnerability exists because the platform uses HTTP GET requests to perform state-changing actions on the server—a design flaw that allows an attacker to trick authenticated users into unknowingly executing unwanted actions. An attacker could craft a malicious link or webpage that, when visited by an IRIS user, silently modifies data or settings without the user's knowledge or consent.