What is CVE-2026-42538?

CVE-2026-42538 is a medium-severity vulnerability in Dfir-iris Iris-web, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 6.3/10. Published 2026-06-04.

How severe is CVE-2026-42538?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Arbitrary file upload in Dfir-iris Iris-web

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing…

Vulnerability class: Unrestricted File Upload

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.

Affected products

Dfir-iris Iris-web — versions < 2.4.28

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

security-advisories@github.com (x_refsource_CONFIRM)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2026-42538?: CVE-2026-42538 is a medium-severity vulnerability in Dfir-iris Iris-web, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 6.3/10. Published 2026-06-04.
How severe is CVE-2026-42538?: Medium severity. CVSS v3 base score is 6.3 out of 10.