PatchSiren cyber security CVE debrief
CVE-2026-42539 dfir-iris CVE debrief
CVE-2026-42539 is a MEDIUM severity vulnerability in the IRIS web collaborative platform. Versions prior to 2.4.28 return sensitive data to users that are not required for the client's operation. This vulnerability was patched in version 2.4.28. The CVSS score for this vulnerability is 6.5.
- Vendor
- dfir-iris
- Product
- iris-web
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Users of IRIS web collaborative platform versions prior to 2.4.28 should apply the patch to prevent sensitive data exposure.
Technical summary
The IRIS web collaborative platform, used for sharing technical details during incident investigations, had a vulnerability where it would return sensitive data to users that wasn't required for the client's operation. This issue was addressed in version 2.4.28.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to IRIS version 2.4.28 or later to apply the patch.
Evidence notes
CVE-2026-42539 has a CVSS score of 6.5 and a severity of MEDIUM. It was published on [cvePublishedAt] and modified on [cveModifiedAt].
Official resources
-
CVE-2026-42539 CVE record
CVE.org
-
CVE-2026-42539 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2026-42539 was published on 2026-06-04T22:16:53.370Z and modified on 2026-06-08T17:16:43.030Z.