top of page
perceptive_background_267k.jpg

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file…

Published:

11 January 2026 at 23:00:00

Alert date:

12 January 2026 at 21:02:40

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Security Tools

CVE-2026-22783 affects DFIR-IRIS (Iris web collaborative platform) versions prior to 2.4.24. The vulnerability involves mass assignment of the file_local_name field combined with path trust issues in the delete operation, allowing authenticated users to delete arbitrary filesystem paths. The attack chain involves uploading a file, modifying the file_local_name field to point to arbitrary paths, and triggering deletion without proper path validation. This vulnerability has been patched in version 2.4.24.

Technical details

Mitigation steps:

Affected products:

DFIR-IRIS
Iris web platform

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-22783
https://github.com/dfir-iris/iris-web/commit/57c1b80494bac187893aebc6d9df1ce6e56485b7
https://github.com/dfir-iris/iris-web/security/advisories/GHSA-qhqj-8qw6-wp8v

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page