CVE-2026-42538

Published: Jun 04, 2026
Last Modified: Jun 05, 2026
MEDIUM 6.3
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: low
Availability: none

Description

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another instance of a Cross-Site Scripting (XSS) vulnerability. Version 2.4.28 contains a patch.

CWE-434: Unrestricted Upload of File with Dangerous Type

Status: Draft
Common Consequences
Security Scopes Affected: Integrity, Confidentiality, Availability
Potential Impacts: Execute Unauthorized Code or Commands
Applicable Platforms
Languages: ASP.NET, PHP, Not Language-Specific
Technologies: Web Server, AI/ML
http://www.openwall.com/lists/oss-security/2026/05/19/8
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-m624-7744-2mhf