CVEbaza.plCWE DictionaryCWE-601
Common Weakness Enumeration

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Category: BaseCVE: 1,819
Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

CVE vulnerabilities with CWE-601 (1,819)
10.0
CVSS
CRITICAL
CVE-2018-3774

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

pub. 2018-08-12
9.8
CVSS
CRITICAL
CVE-2025-43526

This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

pub. 2025-12-17
9.8
CVSS
CRITICAL
CVE-2025-55031

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed in Firefox for iOS 142 and Focus for iOS 142.

pub. 2025-08-19
9.8
CVSS
CRITICAL
CVE-2025-50578

LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading of external resources from attacker-controlled domains and unintended redirection of users, potentially enabling phishing, UI redress, and session theft. The vulnerability exists due to insufficient validation and trust of untrusted input, affecting the integrity and trustworthiness of the application.

pub. 2025-07-30
9.8
CVSS
CRITICAL
CVE-2024-22891

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

pub. 2024-03-01
9.8
CVSS
CRITICAL
CVE-2022-31657

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

pub. 2022-08-05
9.6
CVSS
CRITICAL
CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The continue query parameter is read from the URL and passed to SvelteKit's redirect() without any scheme or origin validation, allowing attacker-controlled JavaScript to execute inside Immich's origin. The payload then uses the victim's existing session to mint an all-permission API key on their account, leading to persistent account takeover. This vulnerability is fixed in commit 4eb1003.

pub. 2026-06-23
9.6
CVSS
CRITICAL
CVE-2026-54588

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

pub. 2026-06-23
9.6
CVSS
CRITICAL
CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal output (e.g., via a malicious SSH server, compromised remote host, or malicious plugin rendering terminal content) can thus achieve arbitrary code execution or local file access on the victim's machine, requiring only that the victim clicks a displayed link. At time of publication, there are no publicly available patches.

pub. 2026-05-08
9.6
CVSS
CRITICAL
CVE-2026-6795

URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

pub. 2026-05-07
9.6
CVSS
CRITICAL
CVE-2022-40083

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

pub. 2022-09-28
9.6
CVSS
CRITICAL
CVE-2022-28755

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

pub. 2022-08-11
9.3
CVSS
CRITICAL
CVE-2026-41106

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

pub. 2026-07-02
9.3
CVSS
CRITICAL
CVE-2026-33102

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

pub. 2026-04-23
9.3
CVSS
CRITICAL
CVE-2022-41559

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.

pub. 2022-12-06
9.3
CVSS
CRITICAL
CVE-2019-6741

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476.

pub. 2019-06-03
9.1
CVSS
CRITICAL
CVE-2025-54145

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141.

pub. 2025-08-19
9.1
CVSS
CRITICAL
CVE-2024-33661

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

pub. 2024-04-26
9.1
CVSS
CRITICAL
CVE-2022-36028

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.

pub. 2024-04-25
9.1
CVSS
CRITICAL
CVE-2022-36029

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.

pub. 2024-04-25
Showing 20 of 1,819 vulnerabilities
Information
ID: CWE-601
Type: Base
Vulnerabilities: 1,819
MITRE CWE ↗
← CWE Dictionary
CWE-601 — URL Redirection to Untrusted Site ('Open Redirect') | CWE Dictionary | CVEbaza.pl