Is Open Redirect affected by CVE-2026-34931?

Hoppscotch API development platform versions prior to 2026.3.0 contain a high-severity open redirect vulnerability that enables attackers to steal authentication tokens and achieve complete account takeover without requiring credentials.

CVE-2026-34931

EUVD-2026-18538 HIGH

2026-04-02 GitHub_M

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Apr 02, 2026 - 20:16 vuln.today

EUVD ID Assigned

Apr 02, 2026 - 20:16 euvd

EUVD-2026-18538

CVE Published

Apr 02, 2026 - 19:21 nvd

HIGH 8.5

Description

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.

Analysis

Open redirect in Hoppscotch API development platform prior to version 2026.3.0 enables token exfiltration leading to complete account takeover. Attackers can craft malicious URLs that redirect authenticated users to attacker-controlled domains, stealing authentication tokens in transit. …

Remediation

Within 24 hours: Inventory all Hoppscotch installations and document current versions in use; verify if any instances are publicly accessible. Within 7 days: Upgrade all Hoppscotch instances to version 2026.3.0 or later; communicate patch requirement to development teams. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: 0

CVE-2026-34931 vulnerability details – vuln.today

Back

CVE-2026-34931

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-34931

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code