CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Abstraction: Base | Status: Draft | Likelihood of exploit: Low
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents:
Children: none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (427)
Page 18 of 22

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16569 | Med | 0.31 | 4.8 | 0.00 | | Nov 6, 2017 | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. |
| CVE-2025-55207 | Med | 0.29 | — | 0.00 | | Aug 15, 2025 | Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to "always" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press. This affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks. This issue has been patched in version 9.4.1. |
| CVE-2026-45448 | Med | 0.28 | 4.3 | 0.00 | | May 14, 2026 | CWE-601 URL redirection to untrusted site ('open redirect') |
| CVE-2026-42525 | Med | 0.28 | 4.3 | 0.00 | | Apr 29, 2026 | Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. |
| CVE-2026-30346 | Med | 0.28 | 4.3 | 0.00 | | Apr 27, 2026 | An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL. |
| CVE-2026-41126 | Med | 0.28 | 4.3 | 0.00 | | Apr 22, 2026 | BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds are available. |
| CVE-2026-35411 | Med | 0.28 | 4.3 | 0.00 | | Apr 6, 2026 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing the setup process, the application redirects the user to the attacker-controlled URL specified in the redirect parameter without any validation. This vulnerability could be used in phishing attacks targeting Directus administrators, as the initial interaction occurs on a trusted domain. This vulnerability is fixed in 11.16.1. |
| CVE-2026-5467 | Med | 0.28 | 4.3 | 0.00 | | Apr 3, 2026 | A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-34442 | Med | 0.28 | 5.4 | 0.00 | | Mar 31, 2026 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External Resource Loading and Open Redirect behavior. When the application constructs links and assets using the unvalidated Host header, user requests can be redirected to attacker-controlled domains and external resources may be loaded from malicious servers. This issue has been patched in version 1.8.211. |
| CVE-2026-4799 | Med | 0.28 | 4.3 | 0.00 | | Mar 31, 2026 | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL. |
| CVE-2026-1369 | Med | 0.28 | 4.3 | 0.00 | | Feb 22, 2026 | The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. |
| CVE-2025-65717 | Med | 0.28 | 4.3 | 0.00 | | Feb 16, 2026 | An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page. |
| CVE-2025-2418 | Med | 0.28 | 4.3 | 0.00 | | Feb 16, 2026 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117. |
| CVE-2026-2153 | Med | 0.28 | 4.3 | 0.00 | | Feb 8, 2026 | A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. |
| CVE-2025-14692 | Med | 0.28 | 4.3 | 0.00 | | Dec 15, 2025 | A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete." |
| CVE-2025-54196 | Med | 0.28 | 4.3 | 0.00 | | Oct 14, 2025 | Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a victim must click on a crafted link. |
| CVE-2025-10229 | Med | 0.28 | 4.3 | 0.00 | | Sep 10, 2025 | A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.3 will fix this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-55706 | Med | 0.28 | 4.3 | 0.00 | | Aug 20, 2025 | URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL. |
| CVE-2025-7785 | Med | 0.28 | 4.3 | 0.00 | | Jul 18, 2025 | A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue. |
| CVE-2025-7763 | Med | 0.28 | 4.3 | 0.00 | | Jul 17, 2025 | A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue. |