HIGH🇵🇱 Wersja polska

CVE-2026-34931

CVSS 8.5v4.0pub. 2026-04-02upd. 2026-04-15

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Hoppscotch

    APP
    Hoppscotch
    < 2026.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-50160CRITICAL10.0ten sam produkt

Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026...

CVE-2026-28215CRITICAL9.1PL ✓ten sam produkt

Hoppscotch — Auth Bypass umożliwia przejęcie konfiguracji instancji

CVE-2026-34932HIGH8.5ten sam produkt

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulne...

CVE-2026-28216HIGH8.3ten sam produkt

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read...

CVE-2023-34097HIGH7.8ten sam produkt

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is...