CVE-2026-42547

MEDIUM

5.4CVSS v3

—CVSS v2

0.03% EPSS (exploit probability)

CWE-863CWE

Description

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE