CWE-601— URL Redirection to Untrusted Site (Open Redirect)
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.— MITRE CWE catalog
1,432 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-601page 26 of 29
- CVE-2026-0508HIGHCVSS 7.3EG 7.32026-02-10
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resultin…
- CVE-2026-0513MEDIUMCVSS 4.7EG 4.72026-01-13
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled si…
- CVE-2026-10562MEDIUMCVSS 5.9EG 5.92026-06-30
An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path…
- CVE-2026-10837MEDIUMCVSS 5.1EG 5.12026-06-17
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the att…
- CVE-2026-10839MEDIUMCVSS 5.1EG 5.12026-06-17
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users…
- CVE-2026-10856MEDIUMCVSS 6.1EG 6.12026-06-04
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit sch…
- CVE-2026-10861MEDIUMCVSS 6.1EG 6.12026-06-04
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it wa…
- CVE-2026-11477MEDIUMCVSS 4.3EG 4.32026-06-08
A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of t…
- CVE-2026-11502LOWCVSS 3.1EG 3.12026-06-08
A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java…
- CVE-2026-12049MEDIUMCVSS 6.1EG 4.32026-06-19
Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated vi…
- CVE-2026-12622MEDIUMCVSS 5.4EG 5.42026-06-19
The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
- CVE-2026-1277MEDIUMCVSS 4.7EG 4.72026-02-18
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible fo…
- CVE-2026-12804MEDIUMCVSS 4.3EG 4.32026-06-21
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of …
- CVE-2026-12863MEDIUMCVSS 5.1EG 5.12026-06-22
An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.
- CVE-2026-1296MEDIUMCVSS 6.1EG 6.12026-02-18
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_passw…
- CVE-2026-13163MEDIUMCVSS 5.3EG 5.32026-06-24
Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites …
- CVE-2026-1369MEDIUMCVSS 4.3EG 4.32026-02-22
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
- CVE-2026-1406LOWCVSS 3.5EG 3.52026-01-25
A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This…
- CVE-2026-14632MEDIUMCVSS 4.3EG 4.32026-07-04
A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component Tru…
- CVE-2026-1970LOWCVSS 3.5EG 3.52026-02-05
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remote…
- CVE-2026-20060MEDIUMCVSS 4.7EG 4.72026-04-15
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP r…
- CVE-2026-20123MEDIUMCVSS 6.1EG 4.32026-02-04
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This v…
- CVE-2026-20178MEDIUMCVSS 4.3EG 4.32026-06-17
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer…
- CVE-2026-20994MEDIUMCVSS 6.1EG 6.12026-03-16
URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
- CVE-2026-2153MEDIUMCVSS 4.3EG 4.32026-02-08
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be …
- CVE-2026-21741LOWCVSS 2.4EG 2.42026-04-14
An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with s…
- CVE-2026-21826MEDIUMCVSS 6.1EG 6.12026-06-05
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
- CVE-2026-21879MEDIUMCVSS 4.7EG 4.72026-01-08
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By cra…
- CVE-2026-22032MEDIUMCVSS 4.3EG 4.32026-01-08
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayS…
- CVE-2026-22560MEDIUMCVSS 5.3EG 5.32026-04-10
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.
- CVE-2026-22912MEDIUMCVSS 4.3EG 4.32026-01-15
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.
- CVE-2026-23726MEDIUMCVSS 6.1EG 6.12026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-23727MEDIUMCVSS 6.1EG 6.12026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-23728MEDIUMCVSS 6.1EG 6.12026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-23729MEDIUMCVSS 6.1EG 6.12026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-23730MEDIUMCVSS 6.1EG 6.12026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-2376MEDIUMCVSS 5.4EG 4.92026-03-12
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automa…
- CVE-2026-23817MEDIUMCVSS 6.5EG 6.52026-03-11
A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.
- CVE-2026-23818HIGHCVSS 8.8EG 8.82026-04-07
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successfu…
- CVE-2026-24052HIGHCVSS 7.4EG 7.42026-02-03
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate…
- CVE-2026-24323MEDIUMCVSS 6.1EG 6.12026-02-10
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the vict…
- CVE-2026-24328MEDIUMCVSS 6.1EG 6.12026-02-10
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in…
- CVE-2026-2475LOWCVSS 3.1EG 3.12026-04-01
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a r…
- CVE-2026-24768MEDIUMCVSS 6.1EG 6.12026-01-28
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. Du…
- CVE-2026-25149MEDIUMCVSS 6.1EG 6.12026-02-03
Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. S…
- CVE-2026-25198MEDIUMCVSS 4.7EG 4.72026-02-05
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As…
- CVE-2026-25392MEDIUMCVSS 4.7EG 4.72026-02-19
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URL…
- CVE-2026-25651MEDIUMCVSS 6.1EG 6.12026-02-06
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally …
- CVE-2026-25779MEDIUMCVSS 6.1EG 6.12026-06-17
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.
- CVE-2026-25854MEDIUMCVSS 6.1EG 6.12026-04-09
Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.…
Map vulnerabilities like CWE-601 to your infrastructure
EchelonGraph correlates every CVE — across CWE-601 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →