These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-42547 is a vulnerability in IRIS, a web collaborative platform for incident responders. The vulnerability allows users to create alerts for customers that are not assigned to them, potentially leading to false attribution of fake alerts to customers. When combined with Cross-Site Scripting (XSS), this vulnerability can also be exploited to exfiltrate alerts from other customers. The issue was pat [truncated]
CVE-2026-42543 is a cross-site request forgery (CSRF) vulnerability in IRIS, a web collaborative platform used by incident responders. The vulnerability exists in versions prior to 2.4.28 and is caused by the platform's use of the HTTP `GET` method to change state on the server, making it susceptible to CSRF attacks. The vulnerability has a CVSS score of 4.3 and is classified as medium severity. A patch f [truncated]
CVE-2026-42540 is a vulnerability in the IRIS web collaborative platform that allows users to alter database values via manipulated API requests. The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Version 2.4.28 of IRIS contains a patch for this issue. [truncated]
CVE-2026-42539 is a MEDIUM severity vulnerability in the IRIS web collaborative platform. Versions prior to 2.4.28 return sensitive data to users even though that data is not required for the client's operation. This vulnerability was patched in version 2.4.28. The CVSS score for this vulnerability is 6.5.
CVE-2026-42538 is a vulnerability in the IRIS web collaborative platform that allows for phishing pages and Cross-Site Scripting (XSS). Versions prior to 2.4.28 do not properly validate uploaded files, which can be used to host malicious content. This vulnerability has a CVSS score of 6.3 and is classified as MEDIUM severity.
CVE-2026-42329 is a medium-severity vulnerability in the Iris web collaborative platform. Versions prior to 2.4.28 contain a weakness that allows an attacker to redirect users to a malicious website. The issue was fixed in version 2.4.28.
CVE-2026-41522 is a HIGH severity vulnerability in the Iris web collaborative platform. The platform's optional GraphQL endpoint at `/graphql` did not enforce the same authorization checks as the REST API, allowing authenticated users to perform unauthorized actions. Specifically, attackers could read incident response data across cases (IDOR), disclose incident response data in bulk via `case.iocs`, and [truncated]