CWE-601— URL Redirection to Untrusted Site (Open Redirect)
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.— MITRE CWE catalog
1,432 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-601page 27 of 29
- CVE-2026-25956MEDIUMCVSS 6.1EG 6.12026-02-10
Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XSS, depending on the crafted payload) whe…
- CVE-2026-26003MEDIUMCVSS 5.4EG 5.42026-02-10
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system…
- CVE-2026-2709LOWCVSS 3.5EG 3.52026-02-19
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open…
- CVE-2026-28106MEDIUMCVSS 4.7EG 4.72026-03-06
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a before 5.4.20.
- CVE-2026-2813MEDIUMCVSS 4.7EG 4.72026-05-20
ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirec…
- CVE-2026-28301MEDIUMCVSS 4.8EG 4.82026-06-09
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.
- CVE-2026-30346MEDIUMCVSS 4.3EG 4.32026-04-27
An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.
- CVE-2026-3049MEDIUMCVSS 4.3EG 4.32026-02-24
A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url r…
- CVE-2026-31982HIGHCVSS 7.1EG 7.12026-07-09
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint …
- CVE-2026-32932MEDIUMCVSS 4.7EG 4.72026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after s…
- CVE-2026-33102CRITICALCVSS 9.3EG 9.32026-04-23
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-3318MEDIUMCVSS 5.3EG 5.32026-05-08
Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a U…
- CVE-2026-33510HIGHCVSS 8.8EG 8.82026-04-06
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to…
- CVE-2026-33709MEDIUMCVSS 6.1EG 6.12026-04-03
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the Jup…
- CVE-2026-34083MEDIUMCVSS 6.1EG 6.12026-04-02
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used …
- CVE-2026-34257MEDIUMCVSS 6.1EG 6.12026-04-14
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This caus…
- CVE-2026-34283MEDIUMCVSS 6.1EG 6.12026-04-21
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated a…
- CVE-2026-34284MEDIUMCVSS 6.1EG 6.12026-04-21
Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allo…
- CVE-2026-34315MEDIUMCVSS 6.5EG 6.52026-04-21
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allow…
- CVE-2026-34847MEDIUMCVSS 4.7EG 4.72026-04-02
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user wit…
- CVE-2026-34931CRITICALCVSS 9.6EG 9.62026-04-02
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their accoun…
- CVE-2026-35253MEDIUMCVSS 4.7EG 4.72026-05-06
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis…
- CVE-2026-35258HIGHCVSS 8.7EG 8.72026-06-17
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with netwo…
- CVE-2026-35259HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netw…
- CVE-2026-35302HIGHCVSS 8.3EG 8.32026-06-17
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with ne…
- CVE-2026-35396MEDIUMCVSS 6.1EG 6.12026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-35398MEDIUMCVSS 6.1EG 6.12026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-35404MEDIUMCVSS 4.7EG 4.72026-04-06
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-ex…
- CVE-2026-35410MEDIUMCVSS 6.1EG 6.12026-04-06
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed function fails to correctly identify certai…
- CVE-2026-35411MEDIUMCVSS 4.3EG 4.32026-04-06
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not …
- CVE-2026-35472MEDIUMCVSS 6.1EG 6.12026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-35473MEDIUMCVSS 6.1EG 6.12026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combin…
- CVE-2026-35474MEDIUMCVSS 6.1EG 6.12026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header…
- CVE-2026-35475MEDIUMCVSS 6.1EG 6.12026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is …
- CVE-2026-3872HIGHCVSS 7.3EG 7.32026-04-02
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to …
- CVE-2026-39484MEDIUMCVSS 4.7EG 4.72026-04-08
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
- CVE-2026-39940MEDIUMCVSS 5.3EG 5.32026-04-13
ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an…
- CVE-2026-39985MEDIUMCVSS 4.3EG 4.32026-04-09
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not v…
- CVE-2026-40037MEDIUMCVSS 6.5EG 6.52026-04-08
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redir…
- CVE-2026-40080MEDIUMCVSS 6.1EG 6.12026-06-25
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at str_contains($referer, CACTI_PATH_URL). When the user's log…
- CVE-2026-40096MEDIUMCVSS 5.4EG 5.42026-04-15
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag …
- CVE-2026-40181MEDIUMCVSS 6.1EG 6.12026-06-02
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinte…
- CVE-2026-40255MEDIUMCVSS 6.1EG 6.12026-04-16
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().ba…
- CVE-2026-40295MEDIUMCVSS 6.1EG 6.12026-05-22
Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureApp#redirect_url method returns request.referrer — the HTTP Referer header, which i…
- CVE-2026-40299MEDIUMCVSS 6.9EG 6.92026-04-17
next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1with `localePrefix: 'as-needed'` could construct URLs where path handling and the WHATWG URL parser resolved a relativ…
- CVE-2026-40332MEDIUMCVSS 5.3EG 5.32026-05-06
Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal paths, failing to validate the redirect ta…
- CVE-2026-40905HIGHCVSS 8.1EG 8.12026-04-21
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forward…
- CVE-2026-40961HIGHCVSS 7.2EG 7.22026-06-01
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to …
- CVE-2026-41008MEDIUMCVSS 6.1EG 6.12026-06-10
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvali…
- CVE-2026-41106CRITICALCVSS 9.3EG 9.32026-07-02
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Map vulnerabilities like CWE-601 to your infrastructure
EchelonGraph correlates every CVE — across CWE-601 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →