Vulnerability Description: CWE-352: Cross-Site Request Forgery (CSRF)
Software Version: InfoScale Operations Manager (IOM) BEFORE 9.1.3
NIST: https://nvd.nist.gov/vuln/detail/CVE-2026-44925
CVSS: 8.8
Severity: High
Credits: Claudia Bartolini, Marco Ventura, Valentina Stefanizzi, Massimiliano Brolli
Cross-Site Request Forgery (CSRF) vulnerability in InfoScale Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge.