What is GHSA-7pq2-fhx9-x464?

GHSA-7pq2-fhx9-x464 is a security advisory published by GitHub Security Advisories with Low severity. Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect...

Which CVE IDs does GHSA-7pq2-fhx9-x464 cover?

GHSA-7pq2-fhx9-x464 covers the following CVE IDs: CVE-2026-48589. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7pq2-fhx9-x464?

GHSA-7pq2-fhx9-x464 has a CVSS v3 base score of 5.4, published by GitHub Security Advisories.

GHSA-7pq2-fhx9-x464LowCVSS 5.4

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-48589 →

📋 Description

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module. This issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-48589
https://shiro.apache.org/security-reports.html#cve_2026_48589
http://www.openwall.com/lists/oss-security/2026/05/25/9
https://github.com/advisories/GHSA-7pq2-fhx9-x464