CVE-2026-54724

MEDIUMPre-NVD 6.16.1
EchelonGraph scoreHIGH confidence

Score 6.1 from GitHub Security Advisory published 2026-07-06. the CNA's CVSS baseline 6.1; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: cna:github_m, ghsa
6.1
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: CVSS: 6.1Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint

Summary

An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeting Kiwi TCMS users, as the malicious link originates from a trusted organizational hostname.

Impact

This is an open redirect vulnerability (CWE-601). Any unauthenticated attacker can exploit it against any user of a Kiwi TCMS deployment.

The primary risk is phishing. Because Kiwi TCMS is typically deployed as an internal tool for engineering and QA teams, a redirect from the organization's own hostname carries high implicit trust. An attacker can use this endpoint to:

  • Redirect victims to a credential-harvesting page styled to match the Kiwi TCMS or corporate SSO login.
  • Bypass email security filters and link-reputation checks that allowlist the organization's domain.
  • Distribute malware via a convincing "confirm your account" lure.

CVSS v3
6.1
EG Score
6.1(high)
EPSS
KEV
Not listed

Published

July 6, 2026

Last Modified

July 6, 2026

Vendor Advisories for CVE-2026-54724(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(1)

Vendor / EcosystemFixed in / PatchReleasedSource
pipkiwitcmsghsa

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Data Freshness Timeline

(refreshed 2× in last 7d / 2× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-06 21:35 UTCEG score recompute
  2. 2026-07-06 21:35 UTCGHSA enrichment

Frequently asked(4)

What is CVE-2026-54724?
CVE-2026-54724 is a medium vulnerability published on July 6, 2026. Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an…
When was CVE-2026-54724 disclosed?
CVE-2026-54724 was first published in the National Vulnerability Database on July 6, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
What is the CVSS score of CVE-2026-54724?
CVE-2026-54724 has a CVSS v4.0 base score of 6.1 (CNA self-assessment; NVD's own analysis pending).
How do I remediate CVE-2026-54724?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-54724, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-54724

Explore →

Is Your Infrastructure Affected by CVE-2026-54724?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.