EUVD-2026-18538

| CVE-2026-34931 HIGH
2026-04-02 GitHub_M
8.5
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 02, 2026 - 20:16 vuln.today
EUVD ID Assigned
Apr 02, 2026 - 20:16 euvd
EUVD-2026-18538
CVE Published
Apr 02, 2026 - 19:21 nvd
HIGH 8.5

Tags

Open Redirect

Description

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.

Analysis

Open redirect in Hoppscotch API development platform prior to version 2026.3.0 enables token exfiltration leading to complete account takeover. Attackers can craft malicious URLs that redirect authenticated users to attacker-controlled domains, stealing authentication tokens in transit. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all Hoppscotch installations and document current versions in use; verify if any instances are publicly accessible. Within 7 days: Upgrade all Hoppscotch instances to version 2026.3.0 or later; communicate patch requirement to development teams. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

43
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +42
POC: 0

Share

EUVD-2026-18538 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy