
Open Redirect CVE-2026-44372

MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-05-06 https://github.com/nitrojs/nitro GHSA-9phm-9p8f-hw5m
5.3
CVSS 4.0

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Passive (P)
Scope: not applicable (CVSS 4.0 has no Scope metric; the vector carries the SC/SI/SA subsequent-system metrics instead)

Lifecycle Timeline

  • May 13, 2026 21:22 (NVD): CVSS changed to 5.3 (MEDIUM)
  • May 06, 2026 23:02 (NVD): CVE published, severity MEDIUM

Blast Radius

Ecosystem impact (transitive dependency graph, resolved by vuln.today to a depth of 4):
  • 13 npm packages depend on nitro (8 direct, 5 indirect)
  • 743 npm packages depend on nitropack (139 direct, 613 indirect)

Ecosystem-wide dependent counts for version 3.0.260429-beta and the other introduced versions.

Description (NVD)

A redirect route rule like:

```ts
routeRules: {
  "/legacy/**": { redirect: "/**" }
}
```

is intended to rewrite paths within the same host. Before the patch, an attacker could turn the rewrite into a cross-host redirect by inserting an extra slash immediately after the rule prefix. Example exploit:

```http
GET /legacy//evil.com
```

Nitro stripped /legacy from the matched pathname and joined the remainder against the rule's target. The remainder was //evil.com, which the join preserved verbatim, so Nitro responded with Location: //evil.com. Browsers resolve //evil.com as a protocol-relative URL against the current scheme, so a user who follows the link on an https site is sent to https://evil.com.

Are you affected?

Users may be affected if all of the following are true:

  1. Their project uses Nitro's routeRules with a redirect entry.
  2. The target uses a /** wildcard suffix to forward sub-paths (e.g. redirect: "/**", redirect: "/new/**", proxy: { to: "http://upstream/**" }).
  3. The redirect rule is _not_ handled natively at the CDN layer. The vercel, netlify, cloudflare-pages, and edgeone presets translate routeRules.redirect into platform config (vercel.json, _redirects, EdgeOne v3 config) and serve the redirect at the edge; those deployments bypass the Nitro runtime entirely and are not affected. Every other preset executes the redirect through the Nitro runtime and can be vulnerable.

Impact

Open redirect on any host serving Nitro with a wildcard redirect rule. The redirect target is fully attacker-controlled, the link looks legitimate because it starts with the victim's own domain, and the browser follows the redirect without prompting the user.

Patched versions

Upgrade to one of:

  • 2.13.4 or later (or regenerate the lockfile so that it resolves ufo 1.6.4 or later)
  • 3.0.260429-beta or later (https://github.com/nitrojs/nitro/pull/4236)

The fix has two parts:

  1. ufo is bumped to ^1.6.4 (unjs/ufo@5cd9e67), which collapses any run of leading slashes to a single / inside withoutBase. This covers the typical "/scope/**" rule.
  2. The Nitro runtime additionally collapses leading // before joining when the rule path itself is /**. In that rare case withoutBase is never called and the raw pathname flows straight into joinURL("", …), so the ufo change alone would not apply.
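As an added example, not part of the advisory and not Nitro's or ufo's code, the following JavaScript models the flow the description and the two-part fix describe: a simplified withoutBase/joinURL pair (their bodies are assumptions about the relevant behaviour, not ufo's source), the resolution of a wildcard redirect rule in its pre-patch and patched forms, and a check that can be applied to any Location value. The routeRules object is the one from the description; the request paths and helper names are constructed for the example.

```javascript
// Added example, not code from Nitro or ufo. It models the redirect
// resolution the advisory describes for a wildcard rule such as
//   "/legacy/**": { redirect: "/**" }
// before and after the fix. withoutBase and joinURL below are simplified
// stand-ins with the same names as the ufo helpers; their bodies are
// assumptions about the relevant behaviour, not ufo's source.

// Strip the rule prefix ("/legacy") from the request path. With
// collapseSlashes=true this models the ufo 1.6.4 change: any run of
// leading slashes in the remainder becomes a single "/".
function withoutBase(pathname, base, collapseSlashes) {
  if (!base) return pathname;
  const prefix = base.endsWith("/") ? base.slice(0, -1) : base;
  if (!pathname.startsWith(prefix)) return pathname;
  let rest = pathname.slice(prefix.length);
  if (!rest.startsWith("/")) rest = "/" + rest;
  return collapseSlashes ? rest.replace(/^\/+/, "/") : rest;
}

// Join a target base with the remainder. An empty base returns the
// remainder verbatim, which is the behaviour the advisory attributes to
// joinURL("", "//evil.com").
function joinURL(base, segment) {
  if (!base) return segment;
  const withSlash = base.endsWith("/") ? base : base + "/";
  return withSlash + segment.replace(/^\//, "");
}

// Compute the Location value for one matched wildcard redirect rule.
// patched=false reproduces the vulnerable pre-fix flow; patched=true
// applies both parts of the fix described in the advisory.
function resolveRedirect(rulePath, target, pathname, patched) {
  const stripBase = rulePath.endsWith("/**") ? rulePath.slice(0, -3) : rulePath;
  let rest = pathname;
  if (stripBase) {
    rest = withoutBase(pathname, stripBase, patched);
  } else if (patched) {
    // Rule path is "/**": withoutBase is never called, so the runtime
    // collapses leading slashes itself before joining (fix part 2).
    rest = rest.replace(/^\/+/, "/");
  }
  const targetBase = target.endsWith("/**") ? target.slice(0, -3) : target;
  return joinURL(targetBase, rest);
}

// Find the first redirect rule matching pathname and resolve it, or return
// null. Matching is the simple prefix match a "/prefix/**" key implies.
function locationFor(routeRules, pathname, patched) {
  for (const [rulePath, rule] of Object.entries(routeRules)) {
    if (!rule.redirect) continue;
    const base = rulePath.endsWith("/**") ? rulePath.slice(0, -3) : rulePath;
    const matches = base === "" || pathname === base || pathname.startsWith(base + "/");
    if (matches) return resolveRedirect(rulePath, rule.redirect, pathname, patched);
  }
  return null;
}

// Practitioner check for any Location header value: does it leave the
// current host? Flags protocol-relative "//host", the backslash variant
// "/\host" (browsers that follow the WHATWG URL parser treat "\" as "/"
// in http(s) URLs), and absolute URLs that carry a scheme.
function isCrossHostRedirect(location) {
  return /^\/[\/\\]/.test(location) || /^[a-z][a-z0-9+.-]*:/i.test(location);
}

// The rule from the advisory, exercised with the advisory's request path.
const routeRules = { "/legacy/**": { redirect: "/**" } };
const attack = "/legacy//evil.com";
console.log("before fix:", locationFor(routeRules, attack, false)); // //evil.com
console.log("after fix: ", locationFor(routeRules, attack, true));  // /evil.com
console.log("cross-host?", isCrossHostRedirect(locationFor(routeRules, attack, false))); // true
```

To check a real deployment rather than the model, request the crafted path with a client that does not follow redirects (for example curl -sI https://your-host/legacy//evil.com) and apply isCrossHostRedirect to the Location value it returns; any flagged value means the redirect is still being resolved by a vulnerable runtime. The check is deliberately broader than the page's example so that it also catches the scheme-bearing and backslash forms a deployment behind a different proxy or rewrite layer might emit.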



CVE-2026-44372 vulnerability details – vuln.today
