CVE-2026-42538

Description

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another instance of a Cross-Site Scripting (XSS) vulnerability. Version 2.4.28 contains a patch.

Scoring

CVSS: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
EPSS: 0.18% probability of exploitation · percentile 7.2% · 2026-06-18T12:00:27Z
Last modified: 2026-06-05

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-42543
CVE-2026-42539
CVE-2026-42329
CVE-2026-42547
CVE-2026-42540
CVE-2026-22783

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.