What is the CVSS score of CVE-2026-35410?

CVE-2026-35410 has a CVSS 3.1 base score of 6.1 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-35410?

Yes, a patch is available for CVE-2026-35410. Update the affected software to the latest version immediately.

Open Redirect CVE-2026-35410

EUVD-2026-19518 MEDIUM

Improper Input Validation (CWE-20)

2026-04-04 https://github.com/directus/directus

GHSA-cf45-hxwj-4cfj

Open Redirect

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Apr 04, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Apr 04, 2026 - 06:15 euvd

EUVD-2026-19518

Analysis Generated

Apr 04, 2026 - 06:15 vuln.today

CVE Published

Apr 04, 2026 - 06:09 nvd

MEDIUM 6.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

3 npm packages depend on directus (1 direct, 2 indirect)

Ecosystem-wide dependent count for version 11.16.1.

DescriptionNVD

Summary

An open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed function fails to correctly identify certain malformed URLs as external, allowing attackers to bypass redirect allow-list validation and redirect users to arbitrary external domains upon successful authentication.

Details

A parser differential exists between the server-side URL validation logic and how modern browsers interpret URL path segments containing backslashes. Specifically, certain URL patterns are incorrectly classified as safe relative paths by the server, but are normalized by browsers into external domain references.

This is particularly impactful in SSO authentication flows (e.g., OAuth2 providers), where an attacker can craft a login URL that redirects the victim to an attacker-controlled site immediately after successful authentication, without any visible indication during the login process.

Impact

Phishing: Users may be silently redirected to attacker-controlled sites impersonating legitimate services after authenticating.
Credential/token theft: The redirect can be chained to capture OAuth tokens or authorization codes.
Trust erosion: Users lose confidence in the application after being redirected to unexpected domains post-login.

AnalysisAI

Open redirect vulnerability in Directus login redirection logic allows unauthenticated attackers to bypass URL allow-list validation through malformed URLs containing backslashes, silently redirecting authenticated users to arbitrary external domains. The vulnerability exploits a parser differential between server-side validation and browser URL normalization, creating a phishing vector particularly dangerous in SSO/OAuth2 flows where attackers can capture authentication tokens without visible user indication. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-35410 vulnerability details – vuln.today

Back