CVE-2026-42539

Published: Jun 4, 2026Modified: Jun 5, 2026Deferred

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.

Related CWEs

CWE-201

Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References (2)

https://github.com/dfir-iris/iris-web/security/advisories/GHSA-g588-5gmf-p5cx

Source: security-advisories@github.com

http://www.openwall.com/lists/oss-security/2026/05/19/9

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.