CVE-2026-42547: CWE-863: Incorrect Authorization in dfir-iris iris-web
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch.
AI Analysis
Technical Summary
The vulnerability CVE-2026-42547 in dfir-iris iris-web is due to improper authorization checks that permit users to create alerts for customers outside their assigned scope. This flaw can be exploited to falsely attribute alerts to other customers. Additionally, when combined with an XSS vulnerability, it may allow attackers to exfiltrate alert data belonging to other customers. The issue affects versions prior to 2.4.28, which contains the patch addressing this authorization flaw.
Potential Impact
Exploitation of this vulnerability can lead to unauthorized creation of alerts attributed to customers not assigned to the attacker, potentially causing misinformation or confusion during incident response. In combination with Cross-Site Scripting, it may result in unauthorized disclosure of alert data from other customers. There is no indication of impact on system availability. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade dfir-iris iris-web to version 2.4.28 or later, which contains a patch for this authorization vulnerability. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed by the version information provided.
CVE-2026-42547: CWE-863: Incorrect Authorization in dfir-iris iris-web
Description
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch.
CVSS v3.1
Score 5.4medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-42547 in dfir-iris iris-web is due to improper authorization checks that permit users to create alerts for customers outside their assigned scope. This flaw can be exploited to falsely attribute alerts to other customers. Additionally, when combined with an XSS vulnerability, it may allow attackers to exfiltrate alert data belonging to other customers. The issue affects versions prior to 2.4.28, which contains the patch addressing this authorization flaw.
Potential Impact
Exploitation of this vulnerability can lead to unauthorized creation of alerts attributed to customers not assigned to the attacker, potentially causing misinformation or confusion during incident response. In combination with Cross-Site Scripting, it may result in unauthorized disclosure of alert data from other customers. There is no indication of impact on system availability. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade dfir-iris iris-web to version 2.4.28 or later, which contains a patch for this authorization vulnerability. Since the vendor has released a fixed version, applying this official update is the recommended remediation. Patch status is confirmed by the version information provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-28T16:56:50.191Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a21ef3ae29bf47b50d43b47
Added to database: 6/4/2026, 9:33:46 PM
Last enriched: 6/4/2026, 9:48:27 PM
Last updated: 6/5/2026, 1:03:09 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.