CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,448 vulnerabilities with CWE-601
CVE-2026-35475 MEDIUM
WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']
CVSS 6.1
CVE-2026-35474 MEDIUM
WeGIA - Open Redirect - atualizacao redirection - Unvalidated $_GET['redirect']
CVSS 6.1
CVE-2026-35473 MEDIUM
WeGIA - Open Redirect - IentradaControle - listarId() - Unvalidated $_GET['nextPage']
CVSS 6.1
CVE-2026-35411 MEDIUM
Directus has an Open Redirect in Admin 2FA Setup Page
CVSS 4.3
CVE-2026-35410 MEDIUM
Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
CVSS 6.1
CVE-2026-35404 MEDIUM
Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter
CVSS 4.7
CVE-2026-35472 MEDIUM
WeGIA - Open Redirect - EstoqueControle - listarTodos() - Unvalidated $_GET['nextPage']
CVSS 6.1
CVE-2026-35398 MEDIUM
WeGIA - Open Redirect - OrigemControle - listarTodos() & listarId_Nome() - Unvalidated $_GET['nextPage']
CVSS 6.1
CVE-2026-35396 MEDIUM
WeGIA - Open Redirect - IsaidaControle - listarId() - Unvalidated $_GET['nextPage']
CVSS 6.1
CVE-2026-33510 HIGH
DOM-Based XSS in Homarr /auth/login Redirect
CVSS 8.8
CVE-2026-33709 MEDIUM
JupyterHub has an Open Redirect Vulnerability
CVSS 6.1
CVE-2026-5467 MEDIUM
Casdoor OAuth Authorization Request redirect
CVSS 4.3
CVE-2026-34931 CRITICAL
hoppscotch: Improper loopback redirect_uri validation in device-login flow
CVSS 9.6
CVE-2026-34847 MEDIUM
hoppscotch: Open redirect via `/enter?redirect=`
CVSS 4.7
CVE-2026-34083 MEDIUM
signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
CVSS 6.1
CVE-2026-3872 HIGH
Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
CVSS 7.3
CVE-2026-2475 LOW
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 3.1
CVE-2026-34442 MEDIUM
FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout
CVSS 5.4
CVE-2026-32113 MEDIUM
Discourse: Open redirect via `sso_destination_url` cookie in `enter`
CVSS 6.1
CVE-2026-4799 MEDIUM
Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
CVSS 4.3
CVE-2026-33885 MEDIUM
Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential
CVSS 6.1
CVE-2026-33868 MEDIUM
Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'
CVSS 4.3
CVE-2026-33506 HIGH
DOM-Based XSS in Ory Polis Login Page
CVSS 8.8
CVE-2026-33397 MEDIUM
Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass
CVE-2026-1166 MEDIUM
Open Redirect Vulnerability in Hitachi Ops Center Administrator
CVSS 4.3