A vulnerability marked as critical has been reported in dfir-iris iris-web up to 2.4.27 . The affected element is an unknown function of the component REST API . This manipulation causes improper authorization. This vulnerability is tracked as CVE-2026-41522 . The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.