CVE-2026-42539
MediumCVSS 6.5Summary
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation.
Risk Assessment
Organizations using versions prior to 2.4.28 may expose sensitive information, potentially leading to privacy breaches and data security issues.
Recommendation
It is recommended to upgrade to version 2.4.28 or later to mitigate this vulnerability and protect sensitive data.
Original NVD description (English source)
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch.

