What is the CVSS score of CVE-2026-2376?

CVE-2026-2376 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Open Redirect are affected by CVE-2026-2376?

Organizations using A flaw should be aware of moderate risk from CVE-2026-2376 rated CVSS 4.9. Exploitation could compromise the security of affected deployments.

Open Redirect CVE-2026-2376

MEDIUM

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2026-03-12 secalert@redhat.com

Open Redirect Red Hat

4.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 19:16 nvd

MEDIUM 4.9

DescriptionNVD

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.

When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.

AnalysisAI

Authenticated users in mirror-registry can exploit open redirect functionality to access internal or restricted systems by supplying malicious URLs that the application blindly follows without destination validation. This allows attackers with valid credentials to bypass access controls and reach systems they should not have permission to interact with. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-10021 HIGH This Week

8.8 May 28

Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbi

CVE-2026-10002 HIGH This Week

8.8 May 28

Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to poten

CVE-2026-10019 HIGH This Week

8.8 May 28

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the ANGLE

CVE-2026-10022 HIGH This Week

8.8 May 28

Type confusion in the V8 JavaScript engine of Google Chrome before 148.0.7778.216 enables arbitrary code execution withi

CVE-2026-10007 HIGH This Week

8.8 May 28

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rend

Vendor StatusVendor

CVE-2026-2376 vulnerability details – vuln.today

Back

Open Redirect CVE-2026-2376

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code