EIP-2026-107618

This is a writeup describing an open redirect vulnerability in Horde webmail's go.php file. The vulnerability allows attackers to redirect users to arbitrary URLs via the 'url' parameter without validation.