Skip to main content

Apprise CVE-2026-59180

| EUVDEUVD-2026-42940 LOW
Information Exposure (CWE-200)
2026-07-10 GitHub_M
3.1
CVSS 3.1 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY
3.1 LOW
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
vuln.today AI
3.1 LOW

AC:H reflects the requirement for on-path position or compromised destination; C:L because leaked credentials are scoped to configured service keys, not system-wide data.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 18:01 EUVD
Analysis Generated
Jul 10, 2026 - 16:51 vuln.today

DescriptionCVE.org

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0.

AnalysisAI

HTTP redirect handling in Apprise prior to 1.11.0 leaks user-configured secrets - including Authorization headers, bearer tokens, custom headers, and service API keys - by blindly resending them on redirected requests to attacker-controlled endpoints. Any deployment using Apprise's HTTP-based notification plugins or its HTTP attachment and config loaders (apprise/attachment/http.py, apprise/config/http.py) is affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise notification destination or gain on-path position
Delivery
Victim Apprise instance sends HTTP notification or loads remote config
Exploit
Attacker endpoint responds with HTTP 301 redirect
Execution
Apprise follows redirect, resending Authorization headers and service keys
Impact
Attacker server captures credentials for all configured services

Vulnerability AssessmentAI

Exploitation Exploitation requires one of two conditions: the attacker must hold an on-path network position capable of injecting HTTP redirects into traffic between the Apprise host and its notification/config/attachment destination, OR the attacker must have compromised or control a server that is already a configured, trusted destination in the victim's Apprise setup (e.g., a webhook URL, a remote config URL, or a remote attachment URL). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 3.1 (Low) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N captures the technical constraints accurately: exploitation requires high attack complexity (on-path position or a compromised trusted notification destination) and user interaction (a user must configure Apprise to communicate with the redirecting endpoint). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised a webhook receiver that a victim's Apprise instance is configured to notify - such as a third-party alerting service - configures that server to respond with an HTTP 301 redirect to an attacker-controlled URL. When Apprise sends a notification to the compromised endpoint, it follows the redirect and resends the original request's Authorization header and any configured bearer tokens or service API keys to the attacker's server. …
Remediation Upgrade Apprise to version 1.11.0 or later; this is the vendor-confirmed fix (commit 68c0aef218055e4586cf4605fd6b56358f5f462d, PR #1610) available at https://github.com/caronc/apprise/releases/tag/v1.11.0. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59180 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy