PatchSiren cyber security CVE debrief
CVE-2026-42538 dfir-iris CVE debrief
CVE-2026-42538 is a vulnerability in the IRIS web collaborative platform that allows uploaded files to be used for phishing pages and Cross-Site Scripting (XSS). Versions prior to 2.4.28 do not properly validate uploaded files, which can be used to host malicious content. This vulnerability has a CVSS score of 6.3 and is classified as MEDIUM severity. The vulnerability was published on 2026-06-04 and modified on 2026-06-05.
- Vendor: dfir-iris
- Product: iris-web
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-05
Who should care
Users of IRIS web collaborative platform versions prior to 2.4.28 should update to version 2.4.28 or later to patch this vulnerability.
Technical summary
The IRIS web collaborative platform does not properly validate uploaded files, allowing for malicious content to be hosted. This vulnerability can be used for phishing and Cross-Site Scripting (XSS) attacks. The vulnerability is addressed in version 2.4.28.
Defensive priority
MEDIUM
Recommended defensive actions
- Update IRIS web collaborative platform to version 2.4.28 or later.
- Validate uploaded files to prevent malicious content from being hosted.
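As an added illustration of the second action (this is not IRIS code and not the 2.4.28 fix), the sketch below checks an upload against an extension allowlist and its content, and builds response headers that keep a stored file from rendering as a page. The allowlist, function names and header policy are assumptions chosen for the example.

```python
import os
import re

# Assumption: extensions this deployment accepts; not taken from IRIS.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt", ".csv"}

# Leading magic bytes expected for the binary types above.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

# Tags a browser would render or execute if the file were served inline.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(?:!doctype|html|script|svg|iframe|body|form|meta)\b", re.I)


def validate_upload(filename, data):
    """Return (ok, reason) for an uploaded file name and its bytes."""
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    signatures = MAGIC.get(ext)
    if signatures:
        # Binary types must start with their own signature.
        if not data.startswith(signatures):
            return False, "content does not match extension"
    elif ACTIVE_MARKUP.search(data):
        # Text types: reject HTML/SVG/script hidden behind a benign name.
        return False, "active markup in content"
    return True, "ok"


def download_headers(filename):
    """Headers that make a browser download a stored file, not render it."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

Content checks can be bypassed or produce false positives on evidence files, so the download headers are the layer that should apply to every stored file regardless of the validation result.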
Evidence notes
CVE-2026-42538 has a CVSS score of 6.3 and is classified as MEDIUM severity. The vulnerability allows for phishing pages and Cross-Site Scripting (XSS) attacks.
Official resources
- CVE-2026-42538 CVE record (CVE.org)
- CVE-2026-42538 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Source reference (af854a3a-2127-422b-91ae-364da2661108)
CVE-2026-42538 was published on 2026-06-04T21:16:30.730Z and modified on 2026-06-05T20:17:31.657Z.