PatchSiren cyber security CVE debrief
CVE-2026-42547 dfir-iris CVE debrief
CVE-2026-42547 is a vulnerability in IRIS, a web collaborative platform for incident responders. The vulnerability allows users to create alerts for customers that are not assigned to them, potentially leading to false attribution of fake alerts to customers. When combined with Cross-Site Scripting (XSS), this vulnerability can also be exploited to exfiltrate alerts from other customers. The issue was patched in version 2.4.28.
- Vendor: dfir-iris
- Product: iris-web
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-08
Who should care
Users of the IRIS web collaborative platform on versions prior to 2.4.28 should apply the patch to prevent potential misattribution of alerts and data exfiltration.
Technical summary
The vulnerability has a CVSS score of 5.4 and a severity rating of MEDIUM. It can be exploited by users with low privileges (PR:L) over the network (AV:N) without requiring user interaction (UI:N). Successful exploitation can lead to low impact on confidentiality (C:L) and integrity (I:L).
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch by upgrading to IRIS version 2.4.28 or later.
- Review and restrict user permissions to ensure that users can only create alerts for assigned customers.
Evidence notes
The vulnerability was published on June 4, 2026, and modified on June 8, 2026. The CVE record can be found at [cve-org]. Additional details are available at [nvd].
Official resources
- CVE-2026-42547 CVE record: CVE.org
- CVE-2026-42547 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference
- Source reference: af854a3a-2127-422b-91ae-364da2661108
CVE-2026-42547 was published on 2026-06-04T22:16:53.917Z and modified on 2026-06-08T16:16:39.387Z.