CVE-2026-42538

6.3 MEDIUM

IRIS is a web collaborative platform that helps incident responders share technical details during investigations

Published: 2026-06-04 · Last updated: 2026-06-05

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
CWE: CWE-434

Description

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another instance of a Cross-Site Scripting (XSS) vulnerability. Version 2.4.28 contains a patch.

Source: NVD

Related CVEs

Same CWE

  • CVE-2026-46489 SolidInvoice is an open-source invoicing platform (8.1 HIGH)
  • CVE-2026-11839 Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc (9.9 CRITICAL)
  • CVE-2026-7852 Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc (9.8 CRITICAL)
  • CVE-2026-9067 The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload ... (9.1 CRITICAL)
  • CVE-2026-36722 An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute ... (5.4 MEDIUM)