CVE-2026-44925
Veritas · InfoScale
A Cross-Site Request Forgery (CSRF) vulnerability in Veritas InfoScale allows attackers to perform unauthorized actions on behalf of an authenticated user.
Executive summary
A Cross-Site Request Forgery (CSRF) vulnerability in Veritas InfoScale poses a high risk of unauthorized actions being performed against the platform.
Vulnerability
The vulnerability is a Cross-Site Request Forgery (CSRF) flaw within the InfoScale management interface. It allows an attacker to trick an authenticated administrator into executing unintended, malicious actions, such as configuration changes, by enticing them to visit a malicious site.
Business impact
The CVSS score of 8.8 reflects the high potential for administrative account hijacking. An attacker could leverage this flaw to alter storage configurations, delete data, or disrupt service availability, causing significant operational downtime and potential data loss.
Remediation
Immediate Action: Apply the vendor-supplied security update to the InfoScale management console as soon as possible.
Proactive Monitoring: Monitor web access logs for suspicious requests containing unexpected parameters or originating from external, unverified sources.
Compensating Controls: Instruct administrators to log out of the InfoScale management interface when not in use and avoid browsing untrusted sites while maintaining an active management session.
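As an added illustration of the Proactive Monitoring item above (example code, not from Veritas or this advisory), the script below scans web-server access logs in combined log format and flags state-changing requests whose Referer is missing or points at a host other than the management console. The hostnames, paths and log lines are constructed placeholders; InfoScale's real log format and URL structure are not described on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache/nginx combined log format; the
# console hostname, paths and the attacker host are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2026:10:01:02 +0000] "GET /console/status HTTP/1.1" 200 512 "https://console.example.internal/console/" "Mozilla/5.0"
10.0.0.5 - admin [12/Mar/2026:10:02:10 +0000] "POST /console/config/save HTTP/1.1" 200 88 "https://console.example.internal/console/config" "Mozilla/5.0"
10.0.0.5 - admin [12/Mar/2026:10:03:44 +0000] "POST /console/config/save HTTP/1.1" 200 88 "https://lure.example.net/page.html" "Mozilla/5.0"
10.0.0.5 - admin [12/Mar/2026:10:04:01 +0000] "POST /console/volume/delete HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Methods that change server state; a forged cross-site request needs one of these.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry, trusted_hosts):
    """Return a reason string if the request looks cross-site, else None."""
    if entry["method"] not in STATE_CHANGING:
        return None
    referer = entry["referer"]
    if referer in ("", "-"):
        # Browsers normally send a Referer for form posts from the console itself;
        # treating its absence as suspicious is a tuning assumption, not a rule.
        return "state-changing request without Referer"
    host = urlsplit(referer).hostname
    if host not in trusted_hosts:
        return f"state-changing request referred from untrusted host {host}"
    return None


def find_suspicious(log_text, trusted_hosts):
    """Return flagged entries (timestamp, user, method, path, reason) from a log text."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry, trusted_hosts)
        if reason:
            findings.append({"ts": entry["ts"], "user": entry["user"],
                             "method": entry["method"], "path": entry["path"],
                             "reason": reason})
    return findings
```

Running `find_suspicious(SAMPLE_LOG, {"console.example.internal"})` flags the two POSTs that did not originate from the console host and leaves the normal GET and the in-console POST alone.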
Exploitation status
Public Exploit Available: false
Analyst recommendation
CSRF vulnerabilities are frequently exploited via social engineering. Administrators must prioritize the application of the vendor patch and maintain strict browsing hygiene to minimize the risk of unauthorized command execution.