The iRODS Consortium takes security very seriously. If you feel you've discovered a vulnerability, please send an email to security@irods.org.
The iRODS Consortium and the community greatly appreciate you taking the time to submit your findings.