CVE-2026-42329 MEDIUM

CVE-2026-42329: Iris has an Open Redirect issue

Vendor Dfir-Iris
Product iris-web
Weakness CWE-602 · Client-side enforcement
Published June 4, 2026
Last update June 8, 2026

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue.

Key dates

02Disclosure timeline

June 4, 2026 CVE published
June 8, 2026 Record updated