CVE Catalog

CVE-2026-42539

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation.

Risk Assessment

Organizations using versions prior to 2.4.28 may expose sensitive information, potentially leading to privacy breaches and data security issues.

Recommendation

It is recommended to upgrade to version 2.4.28 or later to mitigate this vulnerability and protect sensitive data.

Original NVD description (English source)

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS