CVE-2026-42539

Summary

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.

Affected Software

VendorProductVersion RangeStatus
dfir-irisiris-web< 2.4.28affected

Weaknesses

  • CWE-201: CWE-201: Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References