Threats Tagged 'cve-2026-41522'
View all threats tagged with 'cve-2026-41522'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-41522'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-41522: CWE-285: Improper Authorization in dfir-iris iris-webCVE-2026-41522 0 CVE-2026-41522 is a high-severity improper authorization vulnerability in dfir-iris iris-web versions prior to 2. 4. 28. The optional GraphQL endpoint at /graphql does not enforce authorization checks consistent with the REST API, allowing any authenticated user to read IOCs across cases without permission, disclose bulk IOCs, and create unauthorized cases. This occurs because the GraphQL resolvers do not verify access control for case data. The vulnerability is fixed in version 2. 4. 28 by removing the GraphQL feature entirely. Workarounds include blocking the /graphql endpoint at the reverse proxy or disabling the GraphQL blueprint in the application source code. Join the discussion | CVE Database V5 | 06/04/2026, 19:31:53 UTC Added: 06/04/2026, 21:03:37 UTC |
Showing 1 to 1 of 1 result