EIP-2026-107618

PRE-CVE

Horde Webmail 5.1 - Open Redirect

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107618. PoCs published by felipe andrian.

AI-analyzed exploit summary This is a writeup describing an open redirect vulnerability in Horde webmail's go.php file. The vulnerability allows attackers to redirect users to arbitrary URLs via the 'url' parameter without validation.

Description

Horde Webmail 5.1 - Open Redirect

Exploits (1)

exploitdb WRITEUP

by felipe andrian · textwebappsphp

https://www.exploit-db.com/exploits/32638

View Code ZIP pw:eip

This is a writeup describing an open redirect vulnerability in Horde webmail's go.php file. The vulnerability allows attackers to redirect users to arbitrary URLs via the 'url' parameter without validation.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Horde webmail 5.1 (possibly other versions)

No auth needed

Prerequisites: Access to the vulnerable go.php endpoint

MITRE ATT&CK

T1505 - Server Software Component T1566.002 - Spearphishing Link

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026