VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base
Status: Draft
Likelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 6 of 42
  • CVE-2024-58342 | Medium | Apr 1, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user…

  • CVE-2024-12924 | Medium | Sep 1, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing. This issue affects QR Menü: from s1.05.05 before v1.05.12.

  • CVE-2024-34328 | Medium | Jul 31, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.

  • CVE-2025-3522 | Medium | Apr 15, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the…

  • CVE-2016-1000001 | High | Oct 7, 2016
    risk 0.41 | cvss 7.4 | epss 0.01

    flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect

  • CVE-2016-3726 | High | May 17, 2016
    risk 0.41 | cvss 7.4 | epss 0.02

    Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.

  • CVE-2026-50089 | Medium | Jun 12, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

  • CVE-2026-45566 | Medium | Jun 10, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://{request.host}{next_url} and the JS…

  • CVE-2026-41706 | Medium | Jun 10, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in…

  • CVE-2026-41008 | Medium | Jun 10, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an…

  • CVE-2026-21826 | Medium | Jun 5, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

  • CVE-2026-40961 | High | Jun 1, 2026
    risk 0.40 | cvss 7.2 | epss 0.01

    A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to `apache-airflow` 3.2.2 or…

  • CVE-2026-45307 | Medium | May 28, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url() helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the…

  • CVE-2025-26483 | Medium | May 22, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be…

  • CVE-2026-42230 | Medium | May 4, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP…

  • CVE-2026-34284 | Medium | Apr 21, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2026-34283 | Medium | Apr 21, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2026-34257 | Medium | Apr 14, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, could redirect them to a page controlled by the attacker. This causes low impact on confidentiality and…

  • CVE-2026-6203 | Medium | Apr 13, 2026
    risk 0.40 | cvss 6.1 | epss 0.01

    The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The…

  • CVE-2025-61166 | Medium | Apr 6, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.