CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2026-20123 MEDIUM
Cisco EPNM/Prime Infrastructure - Open Redirect
CVSS 4.3
CVE-2026-25149 MEDIUM
Qwik < 1.19.0 - Open Redirect via Default Request Handler Middleware
CVSS 6.1
CVE-2026-24052 HIGH
Claude Code <1.0.111 - Info Disclosure
CVSS 7.4
CVE-2026-24768 MEDIUM
NocoDB < 0.301.0 - Open Redirect via continueAfterSignIn Parameter
CVSS 6.1
CVE-2026-1406 LOW
lcg0124 BootDo <5ccd963c74058036b466e038cff37de4056c1600 - Open Red...
CVSS 3.5
CVE-2026-23730 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter
CVSS 6.1
CVE-2026-23729 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter in control.php
CVSS 6.1
CVE-2026-23728 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter
CVSS 6.1
CVE-2026-23727 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter in control.php
CVSS 6.1
CVE-2026-23726 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter
CVSS 6.1
CVE-2026-22912 MEDIUM
SICK TDC-X401GL Firmware < 1.5.0 - Open Redirect via Login Parameter
CVSS 4.3
CVE-2026-0513 MEDIUM
SAP Supplier Relationship Management - Unauthenticated Open Redirect via SICF Handler
CVSS 4.7
CVE-2026-22032 MEDIUM
Directus < 11.14.0 - Unauthenticated Open Redirect via SAML RelayState Parameter
CVSS 4.3
CVE-2026-21879 MEDIUM
kanboard < 1.2.49 - Open Redirect via URL Validation Bypass
CVSS 4.7
CVE-2025-26483 MEDIUM
Dell PowerFlex Manager (Appliance) - URL Redirection to Untrusted Site ('Open Redirect')
CVSS 6.1
CVE-2025-65954 MEDIUM
SimpleSAMLphp CAS Server <6.3.1 and <7.0.0 Logout - Open Redirect
CVSS 6.1
CVE-2025-61669 MEDIUM
jupyter_server next parameter open redirect can redirect users to external domains
CVSS 6.1
CVE-2025-66447 NONE
Chamilo LMS has validation-less redirect on login page
CVE-2025-61166 MEDIUM
Ascertia SigningHub User v10.0 - Open Redirect
CVSS 6.1
CVE-2025-70032 MEDIUM
Sunbird-Ed SunbirdEd-portal 1.13.4 - Open Redirect
CVSS 6.1
CVE-2025-70037 MEDIUM
Linagora Twake 2023.Q1.1223 - Open Redirect
CVSS 6.1
CVE-2025-69725 MEDIUM
go-chi/chi >=5.2.2 - Open Redirect via RedirectSlashes Function
CVSS 4.7
CVE-2025-71244 MEDIUM
SPIP 4.3.0-4.3.9 - Open Redirect via Login Form in AJAX Mode
CVSS 6.1
CVE-2025-27900 MEDIUM
IBM DB2 Recovery Expert 5.5 IF002 - Open Redirect
CVSS 6.8
CVE-2025-65717 MEDIUM
Visual Studio Code Extensions Live Server <5.7.9 - Info Disclosure
CVSS 4.3