Description
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch.
Published: 2026-06-04
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Iris Web platform allows users to create alerts for customers they are not assigned to. This missing authorization check is classified as CWE-863 (Incorrect Authorization). An attacker can abuse it to create fake alerts attributed to other customers, undermining data integrity. When combined with Cross-Site Scripting, the attacker can also exfiltrate alerts from other customers, resulting in a loss of data confidentiality.

Affected Systems

Versions of dfir‑iris Iris Web earlier than 2.4.28 are susceptible. The affected product is the Iris Web collaborative platform from the dfir‑iris vendor.

Risk and Exploitability

The CVSS score of 5.4 indicates medium severity. EPSS is not available and the issue is not listed in the KEV catalog. An attacker needs only an authenticated user account to exploit the flaw via the web interface. The main risk is the ability to falsely attribute alerts and potentially steal alert data through XSS, compromising data integrity and confidentiality.

Generated by OpenCVE AI on June 4, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Iris Web version 2.4.28 or later.
  • Restrict alert creation to assigned customers only in configuration.
  • Implement or strengthen XSS protections on the platform to prevent data exfiltration.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 07:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dfir-iris, Dfir-iris iris
Vendors & Products | | Dfir-iris, Dfir-iris iris

Thu, 04 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
References | |

Thu, 04 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Description | | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch.
Title | | IRIS Alerts Can be Falsely Attributed to Customers
Weaknesses | | CWE-863
References | |
Metrics | | cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-04T21:36:19.020Z

Reserved: 2026-04-28T16:56:50.191Z

Link: CVE-2026-42547

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T22:16:53.917

Modified: 2026-06-04T22:16:53.917

Link: CVE-2026-42547

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T07:30:30Z

Weaknesses