CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2026-3872 HIGH
Red Hat Keycloak 26.2 and 26.4 - redirect_uri Access Token Disclosure
CVSS 7.3
CVE-2026-2475 LOW
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 3.1
CVE-2026-34442 MEDIUM
FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout
CVSS 5.4
CVE-2026-32113 MEDIUM
Discourse: Open redirect via `sso_destination_url` cookie in `enter`
CVSS 6.1
CVE-2026-4799 MEDIUM
Open redirect vulnerability in Search Guard Kibana Plugin via manipulated requests
CVSS 4.3
CVE-2026-33885 MEDIUM
Statamic Unauthenticated Endpoints - Open Redirect
CVSS 6.1
CVE-2026-33868 MEDIUM
Mastodon /web Encoded Slash - Open Redirect
CVSS 4.3
CVE-2026-33506 HIGH
DOM-Based XSS in Ory Polis Login Page
CVSS 8.8
CVE-2026-33397 MEDIUM
Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass
CVSS 6.1
CVE-2026-1166 MEDIUM
Open Redirect Vulnerability in Hitachi Ops Center Administrator
CVSS 4.3
CVE-2026-33296 MEDIUM
AVideo <26.0 userLogin.php redirectUri - Open Redirect
CVSS 6.1
CVE-2026-29105 MEDIUM
SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture
CVSS 5.4
CVE-2026-20994 MEDIUM
Samsung Account <15.5.01.1 - Open Redirect
CVSS 6.1
CVE-2026-32235 MEDIUM
Backstage plugin-auth-backend < 0.27.1 - Open Redirect via OIDC Provider Redirect URI Bypass
CVSS 5.9
CVE-2026-2376 MEDIUM
mirror-registry - Redirect-Based Server-Side Request Forgery
CVSS 4.9
CVE-2026-3824 MEDIUM
WellChoose Organization Portal System < iftop_p4_181 - Authenticated Open Redirect
CVSS 6.1
CVE-2026-23817 MEDIUM
HPE AOS-CX Unauthenticated Open Redirect via Web Management Interface
CVSS 6.5
CVE-2026-21295 LOW
Adobe Commerce <=2.4.9-alpha3 - Open Redirect
CVSS 3.1
CVE-2026-31819 MEDIUM
Sylius < 1.9.12 - Open Redirect via HTTP Referer Header
CVSS 6.1
CVE-2026-28512 HIGH
Pocket ID 2.0.0-2.3.9 - Open Redirect
CVSS 7.1
CVE-2026-29067 HIGH
ZITADEL 4.0.0-rc.1-4.7.0 - Open Redirect
CVSS 8.1
CVE-2026-28106 MEDIUM
B2BKing Premium <=5.3.80 - Open Redirect
CVSS 4.7
CVE-2026-28681 HIGH
IRRd 4.4.0-4.4.4/4.5.0 - Open Redirect
CVSS 8.1
CVE-2026-28413 MEDIUM
Products.isurlinportal <4.0.0 - Open Redirect
CVSS 5.3
CVE-2026-27982 MEDIUM
django-allauth <65.14.1 - Open Redirect
CVSS 6.1