CVE-2026-42329
MediumCVSS 4.7Summary
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness that allows an attacker to redirect the user to a malicious website.
Risk Assessment
Organizations using vulnerable versions may be exposed to phishing attacks and other threats related to malware.
Recommendation
It is recommended to upgrade to version 2.4.28 or later to mitigate this vulnerability.
Original NVD description (English source)
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue.

