Description
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another instance of a Cross-Site Scripting (XSS) vulnerability. Version 2.4.28 contains a patch.
Published: 2026-06-04
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insecure file upload flaw exists in releases prior to 2.4.28 because uploaded files are not properly validated. This can be abused to host malicious content, including phishing pages, and also gives rise to a cross‑site scripting vulnerability. The root weakness is unrestricted upload of a file with a dangerous type, categorized as CWE‑434. The likely victims are authenticated users of the platform; credential compromise or social‑engineering attacks follow from the possibility of hosting phishing pages on a trusted host.

Affected Systems

The vulnerability affects the dfir-iris iris-web application in all versions prior to 2.4.28. The specified product is a web‑based collaborative platform used by incident responders.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity; the vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N) describes a network‑reachable flaw of low complexity that requires a low‑privileged account and interaction from a victim. The EPSS score is not available and the issue is not listed in CISA’s KEV catalog. The likely attack vector is the web upload interface: an attacker needs only the ability to submit a file, so exploitation is straightforward once an account is obtained.

Generated by OpenCVE AI on June 4, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade IRIS to version 2.4.28 or later to enforce file type validation on uploads
  • Configure the application to enforce strict MIME type checks and size limits for all uploaded content
  • Segment the IRIS instance from public networks or external hosts to limit the exposure of uploaded content
  • Use automated web scanning tools to detect and remediate any malicious scripts embedded in user‑uploaded files
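The recommended actions above (enforce file type validation, strict MIME checks and size limits) describe the control that CWE‑434 is about. The following is an added example of such a validator, written for this page and not taken from the iris-web project: it assumes a constructed allowlist of the formats a deployment actually needs, a constructed size cap, and that stored files are served with download‑only headers so a browser never renders an upload as a page. Every name in it (validate_upload, download_headers, ALLOWED_TYPES, MAX_UPLOAD_BYTES) is hypothetical.

```python
import os
import re
import secrets
from dataclasses import dataclass

MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # constructed cap; pick what the deployment needs

# extension -> (accepted declared MIME types, magic-byte prefixes the content must start with)
# Constructed allowlist: only formats the application actually needs to store.
ALLOWED_TYPES = {
    "png": ({"image/png"}, (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ({"image/jpeg"}, (b"\xff\xd8\xff",)),
    "pdf": ({"application/pdf"}, (b"%PDF-",)),
    "txt": ({"text/plain"}, ()),  # no magic bytes; content is inspected instead
}

# Markup that would make a browser treat a "text" upload as an HTML document
ACTIVE_CONTENT = re.compile(
    rb"<\s*(?:script|html|iframe|svg|object|embed|body|meta)\b|javascript:", re.I
)

SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: str = ""


def sanitize_filename(name: str) -> str:
    """Strip directory components and unsafe characters; the result is only used for display."""
    base = os.path.basename(name.replace("\\", "/"))
    base = SAFE_NAME.sub("_", base).strip("._")
    return base or "upload"


def validate_upload(filename: str, declared_mime: str, data: bytes) -> UploadDecision:
    """Accept a file only if size, extension, declared MIME type and real content all agree."""
    if len(data) > MAX_UPLOAD_BYTES:
        return UploadDecision(False, "too large")
    if not data:
        return UploadDecision(False, "empty file")

    clean = sanitize_filename(filename)
    ext = clean.rsplit(".", 1)[-1].lower() if "." in clean else ""
    if ext not in ALLOWED_TYPES:
        return UploadDecision(False, f"extension not allowed: {ext or '(none)'}")

    mimes, magics = ALLOWED_TYPES[ext]
    if declared_mime.split(";")[0].strip().lower() not in mimes:
        return UploadDecision(False, f"declared type {declared_mime!r} does not match .{ext}")

    # Never trust the declared type alone: the bytes must carry the format's signature
    if magics and not any(data.startswith(m) for m in magics):
        return UploadDecision(False, f"content is not a valid .{ext} file")

    # Text uploads have no signature, so refuse anything a browser could render as a page
    if ext == "txt" and ACTIVE_CONTENT.search(data):
        return UploadDecision(False, "text upload contains active content")

    # Store under a server-generated name so the uploader never controls path or extension
    stored = f"{secrets.token_hex(16)}.{ext}"
    return UploadDecision(True, "ok", stored)


def download_headers(stored_name: str) -> dict:
    """Headers for serving a stored file so browsers download it instead of rendering it."""
    ext = stored_name.rsplit(".", 1)[-1].lower()
    mime = next(iter(ALLOWED_TYPES[ext][0])) if ext in ALLOWED_TYPES else "application/octet-stream"
    return {
        "Content-Type": mime,
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    # Constructed samples: a genuine PNG header, and an HTML page renamed to .png
    print(validate_upload("evidence.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32))
    print(validate_upload("login.png", "image/png", b"<html><body>Sign in</body></html>"))
```

The three checks are deliberately independent: the extension allowlist stops dangerous types outright, the signature check catches a page renamed to look like an image, and the download‑only headers mean that even a file which passes both is never executed in the context of the application's origin, which is what turns a hosted file into stored XSS.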

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 07:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Dfir-iris
                                       Dfir-iris iris
Vendors & Products                     Dfir-iris
                                       Dfir-iris iris

Thu, 04 Jun 2026 22:30:00 +0000

Type                  Values Removed   Values Added
References

Thu, 04 Jun 2026 21:00:00 +0000

Type                  Values Removed   Values Added
Description                            IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another instance of a Cross-Site Scripting (XSS) vulnerability. Version 2.4.28 contains a patch.
Title                                  IRIS has an Insecure File Upload
Weaknesses                             CWE-434
References
Metrics                                cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-04T21:36:13.505Z

Reserved: 2026-04-28T16:56:50.190Z

Link: CVE-2026-42538

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-04T21:16:30.730

Modified: 2026-06-04T22:16:53.233

Link: CVE-2026-42538

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T07:30:30Z

Weaknesses