CVE Catalog

CVE-2026-42329

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Summary

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness that allows an attacker to redirect the user to a malicious website.

Risk Assessment

Organizations using vulnerable versions may be exposed to phishing attacks and other threats related to malware.

Recommendation

It is recommended to upgrade to version 2.4.28 or later to mitigate this vulnerability.

Original NVD description (English source)

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS