Auth bypass in Dfir-iris Iris-web
CVE-2026-41522
Iris is a collaborative web platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql` that does not enforce the same authori…
Affected products
- Dfir-iris Iris-web — versions < 2.4.28
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)