EIP-2026-101176

PRE-CVE

Barracuda SSL VPN 680 - 'returnTo' Open Redirection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101176. PoCs published by Chokri Ben Achor.

AI-analyzed exploit summary The code describes an open-redirection vulnerability in Barracuda SSL VPN 680, where crafted URIs with the 'returnTo' parameter can redirect users to attacker-controlled sites. It provides examples of malicious URIs but does not include functional exploit code.

Description

Barracuda SSL VPN 680 - 'returnTo' Open Redirection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Chokri Ben Achor · textremotehardware

https://www.exploit-db.com/exploits/38536

View Code ZIP pw:eip

The code describes an open-redirection vulnerability in Barracuda SSL VPN 680, where crafted URIs with the 'returnTo' parameter can redirect users to attacker-controlled sites. It provides examples of malicious URIs but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Barracuda SSL VPN 680 2.2.2.203

No auth needed

Prerequisites: User interaction to follow a crafted URI

MITRE ATT&CK

T1566.002 - Spearphishing Link

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026