CVE-2026-42540

Published: Giu 05, 2026 Last Modified: Giu 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch.

915

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Other

Potential Impacts:

Modify Application Data Execute Unauthorized Code Or Commands Varies By Context Alter Execution Logic

Applicable Platforms

Languages: Ruby, ASP.NET, PHP, Python, Not Language-Specific

View CWE Details

https://github.com/dfir-iris/iris-web/security/advisories/G…

https://github.com/dfir-iris/iris-web/security/advisories/GHSA-w78h-mx7h-qm3h

CVE-2026-42540

Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Common Consequences

Applicable Platforms

Iscriviti alla newsletter