CVE-2026-42329
Status: Deferred - Pending Action
Open Redirect Vulnerability in Iris Web Platform

Publication date: 2026-06-04

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain an open redirect weakness: an attacker can craft a link to the platform that redirects the user to a malicious website the attacker controls. Version 2.4.28 fixes the issue.
Meta Information
Published
2026-06-04
Last Modified
2026-06-08
Generated
2026-06-26
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
Affected Vendors & Products
Showing 1 associated CPE
Vendor: iris
Product: iris
Version / Range: all versions before 2.4.28 (2.4.28 itself excluded)
Exploitability
CWE-602 (Client-Side Enforcement of Server-Side Security): The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. Open redirects are more often mapped to CWE-601 (URL Redirection to Untrusted Site); the mapping shown on this page is CWE-602.
AI Quick Actions
Executive Summary

This vulnerability exists in the Iris web collaborative platform in versions prior to 2.4.28. It allows an attacker to craft a link to the platform that sends the user on to a website controlled by the attacker.

Impact Analysis

Users who follow a crafted link to an Iris host they trust end up on an attacker-controlled site. That enables phishing (for example, a cloned login page that harvests credentials), malware delivery, or other malicious activity initiated by the attacker; the trusted origin of the initial link makes such lures more convincing.

Detection Guidance

Iris versions prior to 2.4.28 are affected. Detection has two parts: confirm whether a deployment runs an affected version, and look for exploitation attempts in web traffic.

The advisory gives no version-check command. Establish the deployed version from your deployment records (for example, the release or container image tag in the deployment or configuration files) or from the version the application itself reports, and compare it against 2.4.28: anything lower is affected.

An open redirect is exploited by sending a victim a link to the trusted Iris host whose redirect parameter names an attacker-controlled site. In the web server or reverse proxy access logs this shows up as a request to a redirecting endpoint whose redirect parameter carries an absolute URL, or a protocol-relative URL (//host), pointing off-host, usually answered with a 3xx response. The advisory does not name the affected endpoint or parameter, so the search has to cover the redirect parameters your deployment uses. Monitoring network traffic for unexpected redirects to unknown or malicious domains also helps detect exploitation attempts.

Mitigation Strategies

The immediate mitigation is to upgrade Iris to version 2.4.28 or later, as that version fixes the redirect vulnerability.

Restricting access to trusted users does not by itself remove the risk: the victim of an open redirect is a legitimate user who follows a crafted link to the trusted host. Until the upgrade can be applied, warn users to treat links to the Iris instance received by email or chat with suspicion, validate redirect targets at a reverse proxy in front of Iris where the parameter can be identified, and monitor for suspicious redirect activity.
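The following is an added example written for this page; it is not code from the Iris project or from the advisory. It pulls together the detection and mitigation points above: a version check against 2.4.28, a scan of access-log lines for redirect parameters that point off-host, and the unchecked redirect pattern (the server trusting the client-supplied target, as CWE-602 describes) beside a hardened server-side check. The host name iris.example.internal, the parameter names in REDIRECT_PARAMS and the log lines are assumptions constructed for the example; the affected endpoint and parameter are not named in the advisory.

```python
"""Added example, not Iris project code: version triage, access-log triage and
a hardened redirect-target check for an open-redirect weakness like the one
described above. The host name, the redirect parameter names and the log
lines are assumptions constructed for the example."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

FIXED_VERSION = (2, 4, 28)  # first fixed release named in the advisory

# Assumed parameter names; the advisory does not name the affected parameter.
REDIRECT_PARAMS = {"next", "redirect", "redirect_uri", "return", "return_to", "url"}

# Combined-log-format request line, e.g. "GET /login?next=/x HTTP/1.1" 302
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def parse_version(text):
    """'v2.4.27' or '2.4.27-rc1' -> (2, 4, 27); raises on anything else."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True for releases before 2.4.28, the affected range on this page."""
    return parse_version(version) < FIXED_VERSION


def is_safe_redirect_target(target, own_host):
    """Server-side check of a client-supplied redirect target.

    Accepts a path on this server ('/case/1') or an absolute http(s) URL whose
    host is exactly own_host. Rejects empty values, other schemes
    ('javascript:'), protocol-relative URLs ('//evil.example'), backslash
    variants that browsers normalise to '//', and userinfo tricks
    ('https://own@evil.example', whose netloc is not own_host).
    """
    if not target:
        return False
    t = unquote(target).strip()
    if "\\" in t:
        return False
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        return parts.scheme in ("http", "https") and parts.netloc.lower() == own_host.lower()
    return t.startswith("/") and not t.startswith("//")


def redirect_location_vulnerable(next_param):
    """The weak pattern: the client-supplied value becomes the Location header
    unchanged, so the server relies on the client for its own protection."""
    return next_param or "/"


def redirect_location_hardened(next_param, own_host):
    """Hardened form: fall back to the application root unless the target
    passes the server-side check."""
    return next_param if is_safe_redirect_target(next_param, own_host) else "/"


def scan_access_log(lines, own_host):
    """Return (request target, parameter, value, status) for every request
    whose redirect-style parameter would fail the server-side check."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:  # parse_qs has already percent-decoded the value
                if not is_safe_redirect_target(value, own_host):
                    hits.append((m.group("target"), name, value, m.group("status")))
    return hits


# Constructed sample log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2026:10:02:11 +0000] "GET /login?next=/dashboard HTTP/1.1" 302 0',
    '203.0.113.7 - - [05/Jun/2026:10:02:40 +0000] "GET /login?next=https://evil.example/phish HTTP/1.1" 302 0',
    '198.51.100.4 - - [05/Jun/2026:10:03:02 +0000] "GET /login?next=%2F%2Fevil.example%2F HTTP/1.1" 302 0',
    '198.51.100.4 - - [05/Jun/2026:10:03:30 +0000] "GET /case/1 HTTP/1.1" 200 4821',
    '198.51.100.4 - - [05/Jun/2026:10:04:00 +0000] "GET /login?next=https://iris.example.internal/case/1 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    own_host = "iris.example.internal"  # assumed deployment host
    for v in ("2.4.27", "2.4.28"):
        print(v, "affected" if is_affected(v) else "fixed")
    for hit in scan_access_log(SAMPLE_LOG, own_host):
        print("suspicious redirect:", hit)
```

Run against the constructed log, the scanner flags the two requests whose next parameter points off-host (the absolute evil.example URL and the percent-encoded //evil.example/) and leaves the relative path and the same-host absolute URL alone. The same is_safe_redirect_target check is what the hardened handler applies before emitting a Location header, which is the server-side enforcement the weak pattern lacks. The check decodes one level of percent-encoding; if your proxy logs raw request lines, feed it the decoded query values as parse_qs does here.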

Compliance Impact

Iris versions prior to 2.4.28 allow an attacker to redirect users to malicious websites, which can lead to phishing or exposure to malicious content.

The advisory gives no information about how this vulnerability affects compliance with standards and regulations such as GDPR or HIPAA.
