CVE-2026-44925

Veritas · InfoScale

A Cross-Site Request Forgery (CSRF) vulnerability in Veritas InfoScale allows attackers to perform unauthorized actions on behalf of an authenticated user.

Executive summary

A Cross-Site Request Forgery (CSRF) vulnerability in Veritas InfoScale poses a high risk of unauthorized actions being performed against the platform.

Vulnerability

The vulnerability is a Cross-Site Request Forgery (CSRF) flaw within the InfoScale management interface. It allows an attacker to trick an authenticated administrator into executing unintended, malicious actions, such as configuration changes, by enticing them to visit a malicious site.

Business impact

The CVSS score of 8.8 reflects the high potential for administrative account hijacking. An attacker could leverage this flaw to alter storage configurations, delete data, or disrupt service availability, causing significant operational downtime and potential data loss.

Remediation

Immediate Action: Apply the vendor-supplied security update to the InfoScale management console as soon as possible.

Proactive Monitoring: Monitor web access logs for suspicious requests containing unexpected parameters or originating from external, unverified sources.

Compensating Controls: Instruct administrators to log out of the InfoScale management interface when not in use and avoid browsing untrusted sites while maintaining an active management session.
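The log-monitoring recommendation above can be turned into a concrete check. The following is an added example, not code from the advisory or from Veritas: it scans web access logs for state-changing requests to the management console whose Referer header points to a site other than the console itself, which is the usual footprint of a CSRF attempt. The console hostname, the URL paths and the sample log lines are all constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Assumed hostname of the InfoScale management console (placeholder, not from the advisory).
CONSOLE_HOST = "infoscale-console.example.internal"
# Only state-changing methods matter for CSRF; GETs are noise for this check.
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (severity, reason) for one access-log line, or None if it is not suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return ("parse-error", "unparseable line")
    if m["method"] not in STATE_CHANGING:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # A missing Referer on a state-changing request is ambiguous (referrer-policy,
        # privacy extensions), so mark it for review rather than as a definite hit.
        return ("review", f"{m['method']} {m['path']} without Referer")
    host = urlparse(referer).hostname
    if host != CONSOLE_HOST:
        return ("alert", f"cross-site Referer {host} on {m['method']} {m['path']}")
    return None

def scan(lines):
    """Run classify() over an iterable of log lines; return [(line_no, severity, reason), ...]."""
    findings = []
    for n, line in enumerate(lines, 1):
        result = classify(line)
        if result:
            findings.append((n, *result))
    return findings

# Constructed sample log: a normal login, a legitimate config change, a cross-site POST and a POST with no Referer.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Mar/2026:10:01:02 +0000] "GET /console/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2026:10:02:10 +0000] "POST /console/cluster/config HTTP/1.1" 200 88 "https://infoscale-console.example.internal/console/cluster" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2026:10:15:44 +0000] "POST /console/cluster/config HTTP/1.1" 200 88 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2026:10:16:01 +0000] "POST /console/storage/delete HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, severity, reason in scan(SAMPLE_LOG):
        print(f"line {line_no}: {severity}: {reason}")
```

This check is a compensating detection only; the vendor update remains the fix, since a patched interface should reject cross-site requests outright rather than rely on log review.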

Exploitation status

Public Exploit Available: false

Analyst recommendation

CSRF vulnerabilities are frequently exploited via social engineering. Administrators must prioritize the application of the vendor patch and maintain strict browsing hygiene to minimize the risk of unauthorized command execution.