CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2026-53523 MEDIUM
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
CVSS 6.8
CVE-2026-50089 MEDIUM
Aqara IAM/SSO Gateway open redirect
CVSS 6.1
CVE-2026-46616 MEDIUM
Umbraco CMS Surface Controllers - Open Redirect
CVSS 5.4
CVE-2026-48856 MEDIUM
httpc leaks Authorization header to cross-origin redirect targets
CVSS 6.5
CVE-2026-45566 MEDIUM
Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass
CVSS 6.1
CVE-2026-53440 MEDIUM
Jenkins - URL Redirection to Untrusted Site ('Open Redirect')
CVSS 4.3
CVE-2026-53437 MEDIUM
Jenkins - URL Redirection to Untrusted Site ('Open Redirect')
CVSS 4.3
CVE-2026-53436 MEDIUM
Jenkins - URL Redirection to Untrusted Site ('Open Redirect')
CVSS 4.3
CVE-2026-41706 MEDIUM
Spring Security - Open Redirect When Using CookieRequestCache
CVSS 6.1
CVE-2026-41008 MEDIUM
Spring Security Authorization Server Open Redirect via request_uri
CVSS 6.1
CVE-2026-47991 MEDIUM
Adobe Experience Manager | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
CVSS 4.3
CVE-2026-28301 MEDIUM
SolarWinds Observability Self-Hosted Open Redirect Vulnerability
CVSS 4.8
CVE-2026-47347 MEDIUM
TYPO3 CMS - Open Redirect in Core Utilities
CVE-2026-41844 MEDIUM
Spring Framework Open Redirect in Spring MVC and WebFlux
CVSS 4.2
CVE-2026-11502 LOW
JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect
CVSS 3.1
CVE-2026-11477 MEDIUM
hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect
CVSS 4.3
CVE-2026-21826 MEDIUM
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection
CVSS 6.1
CVE-2026-10861 MEDIUM
MISP post-login open redirect via pre_login_requested_url
CVSS 6.1
CVE-2026-10856 MEDIUM
Open redirect in MISP dashboard button widget URL handling
CVSS 6.1
CVE-2026-43924 MEDIUM
FOSSBilling <0.8.0 Redirect Module - Open Redirect
CVE-2026-41569 MEDIUM
authentik Before 2026.2.3 - WS-Federation wreply Origin Bypass
CVSS 6.1
CVE-2026-40181 MEDIUM
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
CVSS 6.1
CVE-2026-45278 LOW
Nextcloud user_oidc 6.1.0-8.2.1 - Open Redirect via Login Flow
CVSS 3.3
CVE-2026-40961 HIGH
Apache Airflow: Open Redirect Bypass Vulnerability
CVSS 7.2
CVE-2026-49380 LOW
JetBrains TeamCity < 2026.1 - URL Redirection to Untrusted Site ('Open Redirect')
CVSS 3.1