Web Collaborative Platform Vulnerability in IRIS by DFIR
CVE-2026-42547
5.4MEDIUM
What is CVE-2026-42547?
The IRIS web collaborative platform, utilized for effective incident response, has a vulnerability in versions prior to 2.4.28 that allows users to create alerts for customers without proper assignments. This flaw can mislead incident responders by attributing alerts to the wrong customers. Additionally, this vulnerability can be exploited in conjunction with Cross-Site Scripting (XSS), enabling malicious users to exfiltrate alerts belonging to other customers. A patch has been implemented in version 2.4.28 to address this issue.
Affected Version(s)
iris-web < 2.4.28
