Sensitive Data Exposure in IRIS Web Collaborative Platform
CVE-2026-42539

6.5MEDIUM

Key Information:

Vendor

Dfir-iris

Status
Vendor
CVE Published:
4 June 2026

What is CVE-2026-42539?

The IRIS web collaborative platform enables incident responders to share critical technical details during investigations. However, in versions prior to 2.4.28, the platform inadvertently exposes sensitive data that is unnecessary for client operations. This vulnerability could lead to unauthorized access to sensitive information, potentially compromising security and privacy. The issue has been addressed in version 2.4.28, which includes a patch to mitigate this risk.

Affected Version(s)

iris-web < 2.4.28

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.