← voltar
CVE-2026-42539

IRIS has an Excessive Data Exposure issue

CVSS 6.5 MEDIUMEPSS 0.2%CWE-201
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
dfir-iris · iris-web

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-g588-5gmf-p5cxhttp://www.openwall.com/lists/oss-security/2026/05/19/9