CVE-2026-42329
Open Redirect Vulnerability in Iris Web Platform
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iris | iris | up to 2.4.28 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Iris web collaborative platform in versions prior to 2.4.28. It allows an attacker to abuse the platform's redirect handling to send users to a malicious website under the attacker's control.
How can this vulnerability impact me?
The vulnerability can impact you by causing users of the Iris platform to be redirected to malicious websites. This can lead to potential phishing attacks, malware infections, or other malicious activities initiated by the attacker.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Iris versions prior to 2.4.28 are vulnerable to an open redirect issue. To detect this vulnerability, identify whether your systems are running Iris and check the installed version.
Since no specific commands or detection methods are provided for this CVE, the general approach is to check the installed Iris version on your system.
- On Linux systems, you might try commands like `iris --version`, or check the package manager for the installed version.
- On web servers, review the Iris application version in the deployment or configuration files.
Monitoring network traffic for unexpected redirects to unknown or malicious domains could also help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Iris to version 2.4.28 or later, as this version fixes the redirect vulnerability.
Until the upgrade can be applied, consider restricting access to the Iris platform to trusted users only and monitor for suspicious redirect activity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Iris versions prior to 2.4.28 contain a vulnerability that allows an attacker to redirect users to malicious websites. This could potentially lead to phishing attacks or exposure to malicious content.
However, there is no specific information provided about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.