Skip to main content

excon CVE-2026-54171

MEDIUM
2026-07-10 https://github.com/excon/excon GHSA-48rx-c7pg-q66r
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable via outbound HTTP; no privileges required on the target; UI:R reflects the application must initiate the redirected request; C:H for full credential/token exposure; no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 22:04 vuln.today

DescriptionGitHub Advisory

Impact

The redirect follower middleware previously failed to strip a number of headers that are known to be sensitive and did not provide a way to provide a custom list of headers to strip.

_What kind of vulnerability is it? Who is impacted?_ This could cause inadvertent leakage of sensitive data for users of the RedirectFollower middleware in cases where the initial request includes header information that is not intended for the new target.

Patches

Patch exists and is released in v1.5.0

Workarounds

Users can backport the fix to a custom redirect follower middleware.

AnalysisAI

Sensitive HTTP header leakage in the excon Ruby gem's RedirectFollower middleware exposes credentials and tokens to unintended redirect destinations. Applications using the RedirectFollower middleware that include headers such as Authorization or API keys in outbound requests will inadvertently forward those headers to the redirect target - which may be attacker-controlled or a third-party service. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify application using excon RedirectFollower
Delivery
Control or influence redirect destination
Exploit
Application triggers outbound HTTP request with sensitive headers
Execution
Middleware follows redirect without stripping headers
Persist
Attacker server receives forwarded credentials
Impact
Harvest tokens for account takeover

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target application uses the excon Ruby gem with the RedirectFollower middleware explicitly enabled and that the application includes sensitive HTTP headers (such as Authorization, Cookie, X-API-Key, or similar tokens) in its outbound HTTP requests. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N reflects a network-reachable vulnerability with low attack complexity and high confidentiality impact, but requiring some form of user or application interaction (UI:R) to trigger a redirect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An application using excon with the RedirectFollower middleware sends a request to an API endpoint with an Authorization header containing a bearer token; the API server responds with a 302 redirect to a URL under attacker control (via SSRF, supply chain compromise of the API, or an open redirect). The unpatched middleware automatically follows the redirect and forwards the original Authorization header to the attacker's server, where the token is harvested and used to access the victim application's account or resources.
Remediation Upgrade the excon gem to v1.5.0 or later, which patches the RedirectFollower middleware to strip sensitive headers before forwarding redirect requests. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54171 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy