CWE-601— URL Redirection to Untrusted Site (Open Redirect)
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.— MITRE CWE catalog
1,432 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-601page 29 of 29
- CVE-2026-48924MEDIUMCVSS 4.3EG 4.32026-05-27
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
- CVE-2026-49059MEDIUMCVSS 4.7EG 4.72026-05-27
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
- CVE-2026-49380MEDIUMCVSS 6.1EG 3.12026-05-29
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
- CVE-2026-50089MEDIUMCVSS 6.1EG 6.12026-06-12
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which ca…
- CVE-2026-52802MEDIUMCVSS 5.4EG 5.42026-06-23
Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_to parameters can bypass validation, allowing redirection to arbitrary external sites. All re…
- CVE-2026-53436MEDIUMCVSS 4.3EG 4.32026-06-10
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing at…
- CVE-2026-53437MEDIUMCVSS 4.3EG 4.32026-06-10
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing at…
- CVE-2026-53440MEDIUMCVSS 4.3EG 4.32026-06-10
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redire…
- CVE-2026-53523MEDIUMCVSS 6.8EG 6.82026-06-12
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating …
- CVE-2026-53662CRITICALCVSS 9.6EG 9.62026-06-23
immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authe…
- CVE-2026-54276MEDIUMCVSS 6.1EG 6.12026-06-15
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulner…
- CVE-2026-54588CRITICALCVSS 9.6EG 9.62026-06-23
Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and l…
- CVE-2026-5467MEDIUMCVSS 4.3EG 4.32026-04-03
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is poss…
- CVE-2026-54724MEDIUMCVSS 6.1EG 6.12026-07-06
Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint ### Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a …
- CVE-2026-55237HIGHCVSS 8.8EG 8.82026-06-18
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The app…
- CVE-2026-55431MEDIUMCVSS 6.1EG 6.12026-07-06
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder open app` opens external workspace-app URLs without validating the scheme or host. When an …
- CVE-2026-55461MEDIUMCVSS 6.1EG 6.12026-07-10
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect()->intended(...)…
- CVE-2026-55590MEDIUMCVSS 5.1EG 5.12026-06-17
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redire…
- CVE-2026-55660HIGHCVSS 7.6EG 7.62026-06-19
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library register…
- CVE-2026-55806NONECVSS 0.0EG 0.02026-07-10
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to…
- CVE-2026-56326MEDIUMCVSS 6.1EG 6.12026-06-16
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass exter…
- CVE-2026-56330LOWCVSS 3.5EG 3.52026-06-20
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URL…
- CVE-2026-56332MEDIUMCVSS 4.7EG 4.72026-06-20
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to cra…
- CVE-2026-56697MEDIUMCVSS 6.1EG 6.12026-06-22
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protoco…
- CVE-2026-58450MEDIUMCVSS 4.3EG 4.32026-06-30
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value in…
- CVE-2026-58520MEDIUMCVSS 6.1EG 6.12026-07-01
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44…
- CVE-2026-59180LOWCVSS 3.1EG 3.12026-07-10
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in…
- CVE-2026-59806HIGHCVSS 7.4EG 7.42026-07-08
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch()…
- CVE-2026-6203MEDIUMCVSS 6.1EG 6.12026-04-13
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter…
- CVE-2026-6795CRITICALCVSS 9.6EG 9.62026-05-07
URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
- CVE-2026-7504HIGHCVSS 8.1EG 8.12026-05-19
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive i…
- CVE-2026-9245MEDIUMCVSS 5.0EG 5.02026-05-26
Improper input validation in the external authentication provider flow in Devolutions Server... Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redi…
Map vulnerabilities like CWE-601 to your infrastructure
EchelonGraph correlates every CVE — across CWE-601 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →