CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2026-25477 MEDIUM
affine < 0.26.0 - Open Redirect via Improperly Anchored Regular Expression
CVSS 6.1
CVE-2026-28415 MEDIUM
Gradio < 6.6.0 - Open Redirect via Unvalidated _target_url Parameter
CVSS 4.3
CVE-2026-27738 MEDIUM
Angular SSR <19.2.21/20.3.17/21.1.5 - Open Redirect
CVE-2026-27736 MEDIUM
BigBlueButton 3.x <3.0.20 - Open Redirect
CVSS 6.1
CVE-2026-28194 MEDIUM
JetBrains TeamCity <2025.11.3 - Open Redirect
CVSS 4.3
CVE-2026-24847 MEDIUM
OpenEMR < 8.0.0 - Authenticated Open Redirect via Eye Exam Form Module
CVSS 6.1
CVE-2026-3049 MEDIUM
horilla-opensource horilla <=1.0.2 - Open Redirect
CVSS 4.3
CVE-2026-25649 HIGH
Traccar <= 6.11.1 - Authenticated Open Redirect via OIDC Endpoint redirect_uri Parameter
CVSS 7.3
CVE-2026-1369 MEDIUM
Conditional CAPTCHA WordPress Plugin <4.0.0 - Open Redirect
CVSS 4.3
CVE-2026-27191 MEDIUM
Feathersjs <=5.0.39 - Open Redirect
CVSS 6.1
CVE-2026-25392 MEDIUM
Update URLs WordPress <=1.4.0 - Open Redirect
CVSS 4.7
CVE-2026-2709 LOW
busy <= 2.5.5 - Open Redirect via Callback Handler
CVSS 3.5
CVE-2026-0573 CRITICAL
GitHub Enterprise Server - Open Redirect
CVSS 9.0
CVE-2026-1296 MEDIUM
Frontend Post Submission Manager Lite <=1.2.7 - Open Redirect
CVSS 6.1
CVE-2026-1277 MEDIUM
WordPress URL Shortify <1.12.1 - Open Redirect
CVSS 4.7
CVE-2026-26003 MEDIUM
FastGPT <4.14.5 - Unauthenticated RCE
CVSS 5.4
CVE-2026-25956 MEDIUM
Frappe <14.99.14-15.94.0 - Open Redirect
CVSS 6.1
CVE-2026-24328 MEDIUM
SAP TAF_APPLAUNCHER - Open Redirect
CVSS 6.1
CVE-2026-24323 MEDIUM
SAP BSP Applications - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2026-0508 HIGH
SAP BusinessObjects - Open Redirect
CVSS 7.3
CVE-2026-0484 MEDIUM
SAP NetWeaver/S/4HANA - Privilege Escalation
CVSS 6.5
CVE-2026-2153 MEDIUM
mwielgoszewski doorman <0.6 - Open Redirect
CVSS 4.3
CVE-2026-25651 MEDIUM
client-certificate-auth 0.2.1-0.3.0 - Open Redirect via Host Header
CVSS 6.1
CVE-2026-1970 LOW
Edimax BR-6258n <1.18 - Open Redirect
CVSS 3.5
CVE-2026-25198 MEDIUM
web2py <= 2.27.1-stable+timestamp.2023.11.16.08.03.57 - Open Redirect via Crafted URL
CVSS 4.7