CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Exploit likelihood: Low

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Because the first hop is on a domain the user already trusts, a crafted link lends that domain's credibility to a phishing page; the same weakness is also abused to leak OAuth authorization codes or tokens when a redirect_uri check is too loose.
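The vulnerable pattern next to a hardened redirect check, as an added example (this is not code from the CWE entry or from any product listed on this page; the `ALLOWED_HOSTS` allow-list and the function names are hypothetical). It goes a little beyond the description above by handling the usual filter bypasses: protocol-relative targets (`//evil.com`, `///evil.com`), backslashes that browsers normalise to `/`, percent-encoded slashes, `javascript:` schemes, userinfo tricks (`https://app.example.com@evil.com`), look-alike subdomains, and control characters that URL parsers strip.

```python
"""Open redirect (CWE-601): the vulnerable handler next to a hardened check.

Added example; not code from the CWE entry or from any product listed on this
page. ALLOWED_HOSTS and the function names are hypothetical.
"""
from typing import Optional
from urllib.parse import unquote, urlsplit

# Hypothetical allow-list: the only hosts this application may send users to.
ALLOWED_HOSTS = frozenset({"app.example.com", "accounts.example.com"})


def location_vulnerable(next_url: str) -> str:
    """CWE-601 as it usually appears: ?next= is copied straight into Location."""
    return next_url


def _has_control_or_space(s: str) -> bool:
    # urllib strips some whitespace/control characters before parsing (Python
    # 3.9.5+), so a check done after parsing would see a different string than
    # the one the browser receives in the Location header.
    return any(ch <= " " or ch == "\x7f" for ch in s)


def is_local_path(target: str) -> bool:
    """True only for a path on this origin such as '/account?tab=1'.

    Rejects absolute URLs, bare schemes ('javascript:...'), protocol-relative
    forms ('//evil.com', and '///evil.com', which browsers also resolve to an
    authority), and backslashes, which browsers normalise to '/' so that
    '/\\evil.com' becomes '//evil.com'.
    """
    if not target:
        return False
    # Check the raw value and its percent-decoded form: a framework that
    # decodes before redirecting would turn '/%2F%2Fevil.com' into '///evil.com'.
    for form in (target, unquote(target)):
        if _has_control_or_space(form) or "\\" in form:
            return False
        if not form.startswith("/") or form[1:2] == "/":
            return False
        parts = urlsplit(form)
        if parts.scheme or parts.netloc:
            return False
    return True


def is_allowed_absolute(target: str) -> bool:
    """True for an https URL whose host is exactly one of ALLOWED_HOSTS."""
    if _has_control_or_space(target) or "\\" in target:
        return False
    parts = urlsplit(target)
    # .hostname drops userinfo and port and lower-cases, so an exact-match
    # comparison is not fooled by 'https://app.example.com@evil.com' or by
    # 'app.example.com.evil.com' (a suffix or substring check would be).
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def location_safe(next_url: Optional[str], default: str = "/") -> str:
    """Redirect target to emit: the request's value if safe, else `default`."""
    if next_url and (is_local_path(next_url) or is_allowed_absolute(next_url)):
        return next_url
    return default


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any advisory on this page.
    for candidate in ("/account?tab=1", "https://evil.com/", "//evil.com",
                      "/\\evil.com", "/%2F%2Fevil.com", "javascript:alert(1)",
                      "https://app.example.com@evil.com/",
                      "https://app.example.com/login"):
        print(f"{candidate!r:40} -> {location_safe(candidate)!r}")
```

The design choice worth noting: the safe path never tries to "clean" a bad value, it falls back to a fixed default, and the absolute-URL branch compares the parsed hostname for exact membership rather than using `startswith`/`endswith`, which is how most real-world allow-list bypasses get in.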

1,448 vulnerabilities with CWE-601 (25 shown; "-" means no CVSS score is listed)

CVE ID            Severity  CVSS  Title
CVE-2026-41226    MEDIUM    6.1   Ricoh Company, Ltd. Multiple Laser Printers And MFPs Which Implement Web Image Monitor - Open Redirect
CVE-2026-42525    MEDIUM    4.3   Jenkins Microsoft Entra ID Plugin <=666.v6060de32f87d - Open Redirect
CVE-2026-30346    MEDIUM    4.3   DevPush 0.3.2 - Open Redirect
CVE-2026-33102    CRITICAL  9.3   Microsoft 365 Copilot Elevation of Privilege Vulnerability
CVE-2026-41126    MEDIUM    4.3   BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"
CVE-2026-40905    HIGH      8.1   LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover
CVE-2026-34315    MEDIUM    6.5   Oracle WebLogic Server 12.2.1.4.0 - RCE
CVE-2026-34284    MEDIUM    6.1   Oracle Business Process Management Suite 12.2.1.4.0 - RCE
CVE-2026-34283    MEDIUM    6.1   Oracle Identity Manager 12.2.1.4.0 - RCE
CVE-2026-40299    MEDIUM    -     next-intl has an open redirect vulnerability
CVE-2026-40255    MEDIUM    6.1   @adonisjs/http-server has an Open Redirect vulnerability
CVE-2026-20060    MEDIUM    4.7   Cisco Unity Connection Open Redirect Vulnerability
CVE-2026-40096    MEDIUM    5.4   immich: Open Redirect via Shared Album name
CVE-2026-21741    LOW       2.4   Fortinet FortiNAC-F < 7.6.5 - Open Redirect
CVE-2026-34257    MEDIUM    6.1   Open Redirect vulnerability in SAP NetWeaver Application Server ABAP
CVE-2026-6203     MEDIUM    6.1   User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter
CVE-2026-39940    MEDIUM    -     ChurchCRM has an Open Redirect via the 'linkBack' URL Parameter in DonatedItemEditor.php
CVE-2026-32932    MEDIUM    4.7   Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit
CVE-2026-22560    MEDIUM    5.3   Rocket.Chat < 8.4.0 - Open Redirect
CVE-2026-25854    MEDIUM    6.1   Apache Tomcat: Occasionally open redirect
CVE-2026-39985    MEDIUM    4.3   LORIS has an open redirect field on login
CVE-2026-40037    MEDIUM    6.5   OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects
CVE-2026-39484    MEDIUM    4.7   WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability
CVE-2026-35578    MEDIUM    -     ChurchCRM has an Open Redirect via the 'linkBack' URL Parameter in DonatedItemEditor.php
CVE-2026-23818    HIGH      8.8   Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem