Severity by source
CVSS 4.0 vector (vendor: CIRCL): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Primary rating from Vendor (CIRCL); only source for this CVE.
Description (source: CVE.org)
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path.
An unauthenticated remote attacker could craft a link that causes a victim to visit a trusted MISP instance and, after successful authentication, be redirected to an attacker-controlled external URL. This could be abused to increase the credibility of phishing attacks, redirect users to counterfeit login pages, or deliver attacker-controlled content from an untrusted domain. CWE-601 describes this weakness as accepting user-controlled input that specifies an external link and using it in a redirect, with phishing as a common consequence.
The patch mitigates the issue by decoding and parsing the URL, rejecting URLs with a scheme, host, user component, missing or non-local path, and protocol-relative forms such as //example.com and /\example.com.
Analysis (AI-generated)
Open redirect in MISP versions up to and including 2.5.38 allows unauthenticated remote attackers to craft links that silently redirect victims to attacker-controlled external URLs immediately after successful authentication. The vulnerability resides in UsersController::routeafterlogin(), where the pre_login_requested_url session value was reflected into a Location header without enforcing local-path constraints. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | The victim must click a specifically crafted MISP URL that encodes an external redirect target, and must successfully complete authentication to the MISP instance; the redirect only fires post-login via the _postlogin() code path. … |
| Risk Assessment | CVSS 4.0 rates this 5.1 (Medium). … |
| Exploit Scenario | An attacker targeting a security operations team crafts a URL to a victim organization's MISP instance where the pre_login_requested_url session parameter is set to an external phishing domain, such as a convincing clone of the organization's identity provider login page. The attacker delivers this link via a spear-phishing email referencing a specific threat report, inducing the analyst to click and authenticate. … |
| Remediation | The primary fix is to upgrade MISP to a version incorporating commit ae760b7bf534f2798810d59a1f961b31adb3443e, which patches app/Controller/UsersController.php to decode the stored URL with rawurldecode(), parse it with parse_url(), and reject any URL that contains a host, scheme, or user component, lacks a path, has a path that does not start with '/', or begins with '//' or '/\' (protocol-relative bypass forms). … |
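The validation sequence described in the description and in the remediation row (decode, parse, reject any component that names another origin, reject non-absolute and protocol-relative paths) is easy to get subtly wrong, so here it is as a standalone validator with constructed inputs. This is an added illustration, not MISP's own patch: the function names are mine, the sample values are made up, and it assumes PHP 8 for str_starts_with().

```php
<?php
// Added example (not MISP's code): decide whether a stored post-login redirect
// target is a local application path before it is placed in a Location header.
// Mirrors the checks the advisory describes: rawurldecode(), parse_url(), then
// reject scheme/host/user, a missing or non-absolute path, and the
// protocol-relative forms "//host" and "/\host" (browsers normalise the
// backslash to a slash, so the second form is equivalent to the first).
declare(strict_types=1);

function isLocalRedirectPath(string $candidate): bool
{
    // Decode first so that an encoded "//" (%2F%2F) cannot hide a host.
    $decoded = rawurldecode($candidate);

    // Check the protocol-relative forms on the raw string: parse_url() sees
    // "/\host" as an ordinary path, so it would not be caught below.
    if (str_starts_with($decoded, '//') || str_starts_with($decoded, '/\\')) {
        return false;
    }

    $parts = parse_url($decoded);
    if ($parts === false) {
        return false;            // seriously malformed: fail closed
    }
    if (isset($parts['scheme']) || isset($parts['host']) || isset($parts['user'])) {
        return false;            // anything that names another origin
    }
    if (!isset($parts['path']) || !str_starts_with($parts['path'], '/')) {
        return false;            // empty or relative path
    }
    return true;
}

// Defender-side wrapper: when the stored value is not a local path, send the
// user to a fixed in-application page instead of whatever was stored.
function safePostLoginTarget(?string $requested, string $fallback = '/'): string
{
    if ($requested === null || $requested === '') {
        return $fallback;
    }
    return isLocalRedirectPath($requested) ? $requested : $fallback;
}

// Constructed sample values (not taken from the advisory) and expected verdicts.
$samples = [
    '/events/index'              => true,
    '/events/view/42?tab=1'      => true,
    'https://attacker.example/'  => false,  // scheme and host present
    '//attacker.example/login'   => false,  // protocol-relative
    '/\\attacker.example'        => false,  // backslash variant of the above
    '%2F%2Fattacker.example'     => false,  // encoded protocol-relative
    'events/index'               => false,  // relative, no leading slash
    ''                           => false,  // no path at all
];
foreach ($samples as $value => $expected) {
    $verdict = isLocalRedirectPath((string) $value);
    printf("%-30s %s\n", var_export((string) $value, true), $verdict === $expected ? 'ok' : 'MISMATCH');
}
```

The order matters: the prefix checks run on the decoded string before parse_url(), because parse_url() does not treat a leading backslash as an authority separator while browsers do. Returning the original (still encoded) value from safePostLoginTarget() keeps any legitimately encoded query characters intact; the decoded form is used only for the decision.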
EUVD-2026-34263
GHSA-9gjj-gmcx-6fhj