CVE-2026-42329
4.7 MEDIUMIris is a web collaborative platform that helps incident responders share technical details during investigations
Published: 2026-06-04 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 4.7 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
- CWE
- CWE-602
Description
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-11287 — Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compro... (6.5 MEDIUM)
- CVE-2026-11267 — Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install... (4.3 MEDIUM)
- CVE-2026-11236 — Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised th... (8.3 HIGH)
- CVE-2026-11184 — Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restricti... (6.3 MEDIUM)
- CVE-2026-11092 — Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a... (8.8 HIGH)