Browse all 6 CVE security advisories affecting dfir-iris. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DFIR-IRIS is a digital forensics and incident response platform designed for comprehensive security investigations and threat hunting. Historically, it has been associated with vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with six CVEs documented to date. The platform's security characteristics focus on robust evidence collection and analysis capabilities, though specific major incidents remain undisclosed. Its core use case centers on enabling security teams to conduct thorough forensic examinations, detect advanced threats, and respond effectively to security breaches across complex IT environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22783 | Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management — iris-webCWE-434 | 9.6 | Critical | 2026-01-12 |
| CVE-2024-34060 | Arbitrary File Write in IRIS EVTX Pipeline — iris-evtx-moduleCWE-22 | 8.8 | High | 2024-05-23 |
| CVE-2024-25624 | iris-web vulnerable to Server Side Template Injection in reports — iris-webCWE-1336 | 6.8 | Medium | 2024-04-25 |
| CVE-2024-25640 | Improper Neutralization of Alternate XSS Syntax in iris-web — iris-webCWE-87 | 4.6 | Medium | 2024-02-19 |
| CVE-2023-50712 | Improper Neutralization of Alternate XSS Syntax in iris-web — iris-webCWE-87 | 4.6 | Medium | 2023-12-22 |
| CVE-2023-30615 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web — iris-webCWE-80 | 6.3 | Medium | 2023-05-25 |
This page lists every published CVE security advisory associated with dfir-iris. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.