Web Collaborative Platform Vulnerability in IRIS by DFIR
CVE-2026-42547

5.4MEDIUM

Key Information:

Vendor

Dfir-iris

Status
Vendor
CVE Published:
4 June 2026

What is CVE-2026-42547?

The IRIS web collaborative platform, utilized for effective incident response, has a vulnerability in versions prior to 2.4.28 that allows users to create alerts for customers without proper assignments. This flaw can mislead incident responders by attributing alerts to the wrong customers. Additionally, this vulnerability can be exploited in conjunction with Cross-Site Scripting (XSS), enabling malicious users to exfiltrate alerts belonging to other customers. A patch has been implemented in version 2.4.28 to address this issue.

Affected Version(s)

iris-web < 2.4.28

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.