PatchSiren cyber security CVE debrief
CVE-2026-42329 dfir-iris CVE debrief
CVE-2026-42329 is a medium-severity vulnerability in the Iris web collaborative platform. Versions prior to 2.4.28 contain a weakness that allows an attacker to redirect users to a malicious website. The issue was fixed in version 2.4.28.
- Vendor: dfir-iris
- Product: iris-web
- CVSS: MEDIUM 4.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-08
Who should care
Users of the Iris web collaborative platform, particularly incident responders who share technical details during investigations, should be aware of this vulnerability and take steps to update to version 2.4.28 or later.
Technical summary
The vulnerability has a CVSS score of 4.7 and is classified as CWE-602. It allows an attacker to redirect users to a malicious website, potentially leading to phishing or other attacks.
Defensive priority
Medium
Recommended defensive actions
- Update to version 2.4.28 or later of the Iris web collaborative platform.
- Review and monitor user interactions with the platform for potential suspicious activity.
Evidence notes
The vulnerability was reported through GitHub security advisories and the Openwall mailing list.
Official resources
- CVE-2026-42329 CVE record (CVE.org)
- CVE-2026-42329 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Source reference (af854a3a-2127-422b-91ae-364da2661108)
CVE-2026-42329 was published on 2026-06-04T21:16:30.563Z and modified on 2026-06-08T16:16:39.007Z.