Common Weakness Enumeration

CWE-601

Allowed

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base · Status: Draft

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

2304 vulnerabilities reference this CWE, most recent first.

CVE-2026-49059 (GCVE-0-2026-49059)

Vulnerability from cvelistv5 – Published: 2026-05-27 14:33 – Updated: 2026-05-28 00:33 X_Open Source
VLAI
Title
WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability
Summary
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
Vendor Product Version
Facebook Facebook for WooCommerce Affected: n/a , ≤ 3.7.0 (custom)
Create a notification for this product.
Credits
timomangcut | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-49059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T00:33:31.656838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T00:33:43.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "facebook-for-woocommerce",
          "product": "Facebook for WooCommerce",
          "vendor": "Facebook",
          "versions": [
            {
              "lessThanOrEqual": "3.7.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "timomangcut | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Facebook Facebook for WooCommerce allows Phishing.\u003cp\u003eThis issue affects Facebook for WooCommerce: from n/a through 3.7.0.\u003c/p\u003e"
            }
          ],
          "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Facebook Facebook for WooCommerce allows Phishing.\n\nThis issue affects Facebook for WooCommerce: from n/a through 3.7.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-98",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-98 Phishing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T14:33:18.844Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/facebook-for-woocommerce/vulnerability/wordpress-facebook-for-woocommerce-plugin-3-7-0-open-redirection-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "WordPress Facebook for WooCommerce plugin \u003c= 3.7.0 - Open Redirection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-49059",
    "datePublished": "2026-05-27T14:33:18.844Z",
    "dateReserved": "2026-05-27T10:26:36.700Z",
    "dateUpdated": "2026-05-28T00:33:43.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48895 (GCVE-0-2026-48895)

Vulnerability from cvelistv5 – Published: 2026-06-19 13:16 – Updated: 2026-06-22 16:20
VLAI
Title
Apache APISIX: Cas-auth Host header influence on CAS service URL
Summary
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache APISIX Affected: 3.0.0 , ≤ 3.16.0 (semver)
Create a notification for this product.
Credits
lokerxxx
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-19T16:49:54.004Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/19/11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:20:23.765787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:20:39.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache APISIX",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.16.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lokerxxx"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eURL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache APISIX.\u003c/p\u003e\u003cp\u003eThe attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token.\u003c/p\u003e\u003cp\u003eThis issue affects Apache APISIX: from 3.0.0 through 3.16.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.17.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache APISIX.\n\nThe attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token.\n\nThis issue affects Apache APISIX: from 3.0.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T13:16:29.442Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/yo1kq93ds69zbgjjopop7dmzm7zhj1gq"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache APISIX: Cas-auth Host header influence on CAS service URL",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-48895",
    "datePublished": "2026-06-19T13:16:29.442Z",
    "dateReserved": "2026-05-26T09:06:16.109Z",
    "dateUpdated": "2026-06-22T16:20:39.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48856 (GCVE-0-2026-48856)

Vulnerability from cvelistv5 – Published: 2026-06-10 14:41 – Updated: 2026-06-11 04:45
VLAI
Title
httpc leaks Authorization header to cross-origin redirect targets
Summary
Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header record; all other fields (including authorization and proxy_authorization) are copied verbatim. The redirect target host is never compared against the original host. autoredirect defaults to true, so this affects all httpc callers that do not explicitly disable automatic redirects. An attacker who controls a server that the victim contacts via httpc can issue a cross-origin 3xx redirect to a server they also control. The Authorization header (including Basic credentials derived from URL userinfo via httpc_request:handle_user_info/2) is forwarded to the redirect target, allowing credential theft. The same applies to the Proxy-Authorization header. This vulnerability is associated with program files lib/inets/src/http_client/httpc_response.erl. This issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
EEF
Impacted products
Vendor Product Version
Erlang OTP Affected: 5.10 , < * (otp)
    cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Create a notification for this product.
Erlang OTP Affected: 17.0 , < * (otp)
Affected: 84adefa331c4159d432d22840663c38f155cd4c1 , < 688d748d6f7a6a06b13b662a1d3de8af97079612 (git)
    cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Jonatan Männchen / EEF Jonatan Männchen / EEF Ingela Anderton Andin Konrad Pietrzak
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48856",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T16:23:52.053802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T16:24:02.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "modules": [
            "httpc_response"
          ],
          "packageName": "inets",
          "packageURL": "pkg:otp/inets?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
          "product": "OTP",
          "programFiles": [
            "src/http_client/httpc_response.erl"
          ],
          "programRoutines": [
            {
              "name": "httpc_response:redirect/2"
            }
          ],
          "repo": "https://github.com/erlang/otp",
          "vendor": "Erlang",
          "versions": [
            {
              "changes": [
                {
                  "at": "9.7.1",
                  "status": "unaffected"
                },
                {
                  "at": "9.6.2.2",
                  "status": "unaffected"
                },
                {
                  "at": "9.3.2.6",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "5.10",
              "versionType": "otp"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "modules": [
            "httpc_response"
          ],
          "packageName": "erlang/otp",
          "packageURL": "pkg:github/erlang/otp",
          "product": "OTP",
          "programFiles": [
            "lib/inets/src/http_client/httpc_response.erl"
          ],
          "programRoutines": [
            {
              "name": "httpc_response:redirect/2"
            }
          ],
          "repo": "https://github.com/erlang/otp",
          "vendor": "Erlang",
          "versions": [
            {
              "changes": [
                {
                  "at": "29.0.2",
                  "status": "unaffected"
                },
                {
                  "at": "28.5.0.2",
                  "status": "unaffected"
                },
                {
                  "at": "27.3.4.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "17.0",
              "versionType": "otp"
            },
            {
              "lessThan": "688d748d6f7a6a06b13b662a1d3de8af97079612",
              "status": "affected",
              "version": "84adefa331c4159d432d22840663c38f155cd4c1",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "27.3.4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "28.5.0.2",
                  "versionStartIncluding": "28.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "29.0.2",
                  "versionStartIncluding": "29.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonatan M\u00e4nnchen / EEF"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jonatan M\u00e4nnchen / EEF"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Ingela Anderton Andin"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Konrad Pietrzak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sensitive Data Exposure vulnerability in Erlang OTP inets (\u003ctt\u003ehttpc_response\u003c/tt\u003e module) allows Retrieve Embedded Sensitive Data.\u003cp\u003eThe \u003ctt\u003ehttpc\u003c/tt\u003e client forwards the \u003ctt\u003eAuthorization\u003c/tt\u003e and \u003ctt\u003eProxy-Authorization\u003c/tt\u003e request headers to redirect targets without checking whether the redirect crosses an origin boundary. \u003ctt\u003ehttpc_response:redirect/2\u003c/tt\u003e constructs the redirected request by updating only the \u003ctt\u003ehost\u003c/tt\u003e field of the header record; all other fields (including \u003ctt\u003eauthorization\u003c/tt\u003e and \u003ctt\u003eproxy_authorization\u003c/tt\u003e) are copied verbatim. The redirect target host is never compared against the original host.\u003c/p\u003e\u003cp\u003e\u003ctt\u003eautoredirect\u003c/tt\u003e defaults to \u003ctt\u003etrue\u003c/tt\u003e, so this affects all \u003ctt\u003ehttpc\u003c/tt\u003e callers that do not explicitly disable automatic redirects.\u003c/p\u003e\u003cp\u003eAn attacker who controls a server that the victim contacts via \u003ctt\u003ehttpc\u003c/tt\u003e can issue a cross-origin 3xx redirect to a server they also control. The \u003ctt\u003eAuthorization\u003c/tt\u003e header (including Basic credentials derived from URL userinfo via \u003ctt\u003ehttpc_request:handle_user_info/2\u003c/tt\u003e) is forwarded to the redirect target, allowing credential theft. The same applies to the \u003ctt\u003eProxy-Authorization\u003c/tt\u003e header.\u003c/p\u003e\u003cp\u003eThis vulnerability is associated with program files \u003ctt\u003elib/inets/src/http_client/httpc_response.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6.\u003c/p\u003e"
            }
          ],
          "value": "Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.\n\nThe httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header record; all other fields (including authorization and proxy_authorization) are copied verbatim. The redirect target host is never compared against the original host.\n\nautoredirect defaults to true, so this affects all httpc callers that do not explicitly disable automatic redirects.\n\nAn attacker who controls a server that the victim contacts via httpc can issue a cross-origin 3xx redirect to a server they also control. The Authorization header (including Basic credentials derived from URL userinfo via httpc_request:handle_user_info/2) is forwarded to the redirect target, allowing credential theft. The same applies to the Proxy-Authorization header.\n\nThis vulnerability is associated with program files lib/inets/src/http_client/httpc_response.erl.\n\nThis issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T04:45:35.836Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-48856.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-48856"
        },
        {
          "tags": [
            "x_version-scheme"
          ],
          "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "httpc leaks Authorization header to cross-origin redirect targets",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eSet \u003ctt\u003e{autoredirect, false}\u003c/tt\u003e in the \u003ctt\u003ehttpc:request/4\u003c/tt\u003e options and handle redirects manually, stripping the \u003ctt\u003eAuthorization\u003c/tt\u003e header when the redirect crosses an origin boundary.\u003c/li\u003e\u003cli\u003eEnsure that \u003ctt\u003ehttpc\u003c/tt\u003e is only used to contact trusted servers that will not issue cross-origin redirects.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "* Set {autoredirect, false} in the httpc:request/4 options and handle redirects manually, stripping the Authorization header when the redirect crosses an origin boundary.\n* Ensure that httpc is only used to contact trusted servers that will not issue cross-origin redirects."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-48856",
    "datePublished": "2026-06-10T14:41:51.616Z",
    "dateReserved": "2026-05-25T20:44:10.697Z",
    "dateUpdated": "2026-06-11T04:45:35.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48832 (GCVE-0-2026-48832)

Vulnerability from cvelistv5 – Published: 2026-05-24 22:36 – Updated: 2026-05-26 15:20
VLAI
Summary
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Vendor Product Version
SPIP SPIP Affected: 0 , < 4.4.15 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T15:10:44.995016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T15:20:35.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SPIP",
          "vendor": "SPIP",
          "versions": [
            {
              "lessThan": "4.4.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-24T22:36:35.529Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-15.html?lang=fr"
        },
        {
          "url": "https://git.spip.net/spip/spip/-/commit/75629034697ab52a963a340afd10930407e1cd55"
        },
        {
          "url": "https://git.spip.net/spip/ecrire/-/commit/a22cb8a56f1e37ff3854b73ff3f66aa3df47070a"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-48832",
    "datePublished": "2026-05-24T22:36:35.529Z",
    "dateReserved": "2026-05-24T22:36:34.957Z",
    "dateUpdated": "2026-05-26T15:20:35.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48784 (GCVE-0-2026-48784)

Vulnerability from cvelistv5 – Published: 2026-07-14 19:04 – Updated: 2026-07-15 13:27
VLAI
Title
Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
Summary
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-172 - Encoding Error
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Vendor Product Version
symfony symfony Affected: < 5.4.53
Affected: >= 6.0.0-BETA1, < 6.4.41
Affected: >= 7.0.0-BETA1, < 7.4.13
Affected: >= 8.0.0-BETA1, < 8.0.13
Create a notification for this product.
symfony routing Affected: < 5.4.53
Affected: >= 6.0.0-BETA1, < 6.4.41
Affected: >= 7.0.0-BETA1, < 7.4.13
Affected: >= 8.0.0-BETA1, < 8.0.13
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-15T13:23:18.119617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T13:27:22.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "symfony",
          "vendor": "symfony",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.4.53"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0-BETA1, \u003c 6.4.41"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0-BETA1, \u003c 7.4.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0-BETA1, \u003c 8.0.13"
            }
          ]
        },
        {
          "product": "routing",
          "vendor": "symfony",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.4.53"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0-BETA1, \u003c 6.4.41"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0-BETA1, \u003c 7.4.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0-BETA1, \u003c 8.0.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. This issue is fixed in versions 5.4.53, 6.4.41, 7.4.13, and 8.0.13."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-172",
              "description": "CWE-172: Encoding Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:04:20.058Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/symfony/symfony/security/advisories/GHSA-h5x3-xfc9-m39h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/symfony/symfony/security/advisories/GHSA-h5x3-xfc9-m39h"
        },
        {
          "name": "https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d"
        },
        {
          "name": "https://github.com/symfony/symfony/releases/tag/v5.4.53",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/releases/tag/v5.4.53"
        },
        {
          "name": "https://github.com/symfony/symfony/releases/tag/v6.4.41",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/releases/tag/v6.4.41"
        },
        {
          "name": "https://github.com/symfony/symfony/releases/tag/v7.4.13",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/symfony/symfony/releases/tag/v7.4.13"
        }
      ],
      "source": {
        "advisory": "GHSA-h5x3-xfc9-m39h",
        "discovery": "UNKNOWN"
      },
      "title": "Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` \u2192 Generated URL Collapses Off-Route Under RFC 3986 Normalization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48784",
    "datePublished": "2026-07-14T19:04:20.058Z",
    "dateReserved": "2026-05-22T20:18:20.365Z",
    "dateUpdated": "2026-07-15T13:27:22.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48589 (GCVE-0-2026-48589)

Vulnerability from cvelistv5 – Published: 2026-05-25 20:20 – Updated: 2026-05-26 12:37
VLAI
Title
Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow
Summary
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module. This issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Shiro Affected: 2.0.0-alpha-0 , ≤ 2.2.0 (semver)
Affected: 3.0.0-alpha-0 , ≤ 3.0.0-alpha-1 (semver)
Create a notification for this product.
Credits
Bartlomiej Dmitruk <bartek@striga.ai> Lenny Primak <lenny@flowlogix.com>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-25T21:26:15.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/25/9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T12:37:36.660873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T12:37:44.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.shiro:shiro-jakarta-ee",
          "product": "Apache Shiro",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.2.0",
              "status": "affected",
              "version": "2.0.0-alpha-0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.0-alpha-1",
              "status": "affected",
              "version": "3.0.0-alpha-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bartlomiej Dmitruk \u003cbartek@striga.ai\u003e"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenny Primak \u003clenny@flowlogix.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApache Shiro\u2019s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.\u003cbr\u003eIn affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module.\u003cbr\u003eThis issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Apache Shiro\u2019s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.\nIn affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module.\nThis issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 0,
            "baseSeverity": "NONE",
            "privilegesRequired": "LOW",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-25T20:20:03.597Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://shiro.apache.org/security-reports.html#cve_2026_48589"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-48589",
    "datePublished": "2026-05-25T20:20:03.597Z",
    "dateReserved": "2026-05-22T00:31:53.177Z",
    "dateUpdated": "2026-05-26T12:37:44.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48000 (GCVE-0-2026-48000)

Vulnerability from cvelistv5 – Published: 2026-07-14 19:44 – Updated: 2026-07-14 19:44
VLAI
Title
Adobe Commerce | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Summary
Adobe Commerce is affected by an Improper Redirect (Open Redirect) vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site, potentially enabling credential theft and account takeover. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Assigner
References
Impacted products
Vendor Product Version
Adobe Adobe Commerce Affected: 0 , ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18 (semver)
Unaffected: 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-jul (semver)
Create a notification for this product.
Adobe Adobe Commerce B2B Affected: 0 , ≤ 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18 (semver)
Unaffected: 1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-jul (semver)
Create a notification for this product.
Adobe Magento Open Source Affected: 0 , ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15 (semver)
Unaffected: 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul (semver)
Create a notification for this product.
Adobe Adobe Commerce Webhooks Plugin Affected: 0 , ≤ 1.20.0 (semver)
Unaffected: 1.21.0 (semver)
Create a notification for this product.
Date Public
2026-07-14 17:00
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-jul",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce B2B",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-jul",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Magento Open Source",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce Webhooks Plugin",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "1.20.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "1.21.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-07-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce is affected by an Improper Redirect (Open Redirect) vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site, potentially enabling credential theft and account takeover. Exploitation of this issue requires user interaction in that a victim must click on a malicious link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) (CWE-601)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:44:15.654Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb26-73.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) (CWE-601)",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-48000",
    "datePublished": "2026-07-14T19:44:15.654Z",
    "dateReserved": "2026-05-20T15:50:31.368Z",
    "dateUpdated": "2026-07-14T19:44:15.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47991 (GCVE-0-2026-47991)

Vulnerability from cvelistv5 – Published: 2026-06-09 16:48 – Updated: 2026-06-09 17:36
VLAI
Title
Adobe Experience Manager | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Summary
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Assigner
References
Impacted products
Vendor Product Version
Adobe Adobe Experience Manager Affected: 0 , ≤ 2026.04 (semver)
Create a notification for this product.
Date Public
2026-06-09 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T17:35:28.783073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T17:36:03.155Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Experience Manager",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2026.04",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-06-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "LOW",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) (CWE-601)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T16:48:44.214Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Experience Manager | URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) (CWE-601)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-47991",
    "datePublished": "2026-06-09T16:48:44.214Z",
    "dateReserved": "2026-05-20T15:50:31.367Z",
    "dateUpdated": "2026-06-09T17:36:03.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47645 (GCVE-0-2026-47645)

Vulnerability from cvelistv5 – Published: 2026-06-19 20:29 – Updated: 2026-07-08 23:24 Exclusively Hosted Service
VLAI
Title
Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Summary
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
Date Public
2026-06-18 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47645",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-24T03:55:53.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft 365 Copilot",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:365_copilot:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-06-18T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Url redirection to untrusted site (\u0027open redirect\u0027) in Microsoft 365 Copilot\u0027s Business Chat allows an unauthorized attacker to elevate privileges over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T23:24:40.770Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft 365 Copilot\u0027s Business Chat Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47645"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Microsoft 365 Copilot\u0027s Business Chat Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-47645",
    "datePublished": "2026-06-19T20:29:42.232Z",
    "dateReserved": "2026-05-19T20:12:27.070Z",
    "dateUpdated": "2026-07-08T23:24:40.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47377 (GCVE-0-2026-47377)

Vulnerability from cvelistv5 – Published: 2026-06-23 20:35 – Updated: 2026-06-24 14:42
VLAI
Title
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Summary
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace() on a path extracted from the URL hash fragment after only checking hashPath.startsWith('/'). Protocol-relative URLs (//attacker.com/…) also satisfy that check, so a crafted link silently redirected visitors to an attacker-controlled origin. This vulnerability is fixed in 2026.04.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
Vendor Product Version
nocodb nocodb Affected: < 2026.04.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47377",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-24T14:42:06.967015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-24T14:42:21.097Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nocodb",
          "vendor": "nocodb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2026.04.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace() on a path extracted from the URL hash fragment after only checking hashPath.startsWith(\u0027/\u0027). Protocol-relative URLs (//attacker.com/\u2026) also satisfy that check, so a crafted link silently redirected visitors to an attacker-controlled origin. This vulnerability is fixed in 2026.04.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T20:35:06.569Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-rvp5-9p55-f5rp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-rvp5-9p55-f5rp"
        }
      ],
      "source": {
        "advisory": "GHSA-rvp5-9p55-f5rp",
        "discovery": "UNKNOWN"
      },
      "title": "NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-47377",
    "datePublished": "2026-06-23T20:35:06.569Z",
    "dateReserved": "2026-05-19T19:22:45.728Z",
    "dateUpdated": "2026-06-24T14:42:21.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • Use a list of approved URLs or domains to be used for redirection.
Mitigation
Architecture and Design

Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.

Mitigation MIT-21.2
Architecture and Design

Strategy: Enforcement by Conversion

  • When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
  • For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Mitigation
Architecture and Design

Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).

Mitigation MIT-6
Architecture and Design Implementation

Strategy: Attack Surface Reduction

  • Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
  • Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields.
Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-178: Cross-Site Flashing

An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.