PatchSiren cyber security CVE debrief
CVE-2026-42540 dfir-iris CVE debrief
CVE-2026-42540 is a vulnerability in the IRIS web collaborative platform that allows users to alter database values via manipulated API requests. This issue was published on 2026-06-04 and modified on 2026-06-05. The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Version 2.4.28 of IRIS contains a patch for this issue. For more information, see [the CVE.org record](https://www.cve.org/CVERecord?id=CVE-2026-42540) and [the NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-42540).
- Vendor: dfir-iris
- Product: iris-web
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-05
Who should care
Users of the IRIS web collaborative platform running versions prior to 2.4.28 should apply the patch to prevent unauthorized alteration of database values.
Technical summary
The IRIS web collaborative platform has a vulnerability that allows users to alter database values via manipulated API requests. This issue is patched in version 2.4.28.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch in version 2.4.28 of IRIS to prevent unauthorized alteration of database values.
- Review and update IRIS installations to ensure version 2.4.28 or later is in use.
Evidence notes
The vulnerability has been patched in version 2.4.28 of IRIS. See [the GitHub security advisory GHSA-w78h-mx7h-qm3h](https://github.com/dfir-iris/iris-web/security/advisories/GHSA-w78h-mx7h-qm3h) for more information.
Official resources
- CVE-2026-42540 CVE record (CVE.org)
- CVE-2026-42540 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-42540 was published on 2026-06-04T22:16:53.550Z and modified on 2026-06-05T20:17:31.777Z.