Skip to main content

Redash EUVDEUVD-2026-44686

| CVE-2026-33213 MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-07-15 GitHub_M
6.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
6.1 MEDIUM

Network-delivered via crafted URL with no prerequisites (AV:N/AC:L/PR:N); victim must click and authenticate (UI:R); post-auth redirect crosses trust boundary to external domain (S:C); impact limited to phishing surface (C:L/I:L/A:N).

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jul 15, 2026 - 15:33 vuln.today
Analysis Generated
Jul 15, 2026 - 15:33 vuln.today

DescriptionCVE.org

Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the get_next_path() function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as /login?next=////evil.com to redirect users to an external attacker-controlled site after authentication.

AnalysisAI

Open redirect in Redash versions 5.0.2 through 26.3.0 allows unauthenticated attackers to craft a login URL that silently forwards authenticated users to an attacker-controlled external site. The flaw in get_next_path() stripped scheme and netloc from the next parameter but failed to reject or normalize URLs with three or more leading slashes - a pattern browsers interpret as an absolute external reference (e.g., /login?next=////evil.com). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft login URL with ////evil.com next parameter
Delivery
Deliver link via phishing or social engineering
Exploit
Victim clicks link and authenticates to Redash
Execution
Vulnerable get_next_path() passes unsanitized redirect
Persist
Browser follows redirect to attacker-controlled site
Impact
Attacker harvests credentials or delivers payload

Vulnerability AssessmentAI

Exploitation The login endpoint must be reachable by the attacker (directly or via a link delivered to an internal user). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.1 score (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) correctly reflects a network-exploitable, low-complexity, unauthenticated attack that requires one click from the victim and produces a changed scope - the post-login redirect exits the Redash trust boundary to an attacker domain. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends a targeted phishing message to a data analyst with a link to https://redash.company.com/login?next=////attacker.com/fake-dashboard. The analyst clicks the link, authenticates normally against the real Redash instance, and is immediately forwarded to attacker.com - a page styled to look like Redash that prompts for re-authentication or delivers a browser exploit. …
Remediation Apply the upstream fix available as commit 9e66f81673c482d9ae6c425afe009644114605d0 in the Redash repository (https://github.com/getredash/redash/commit/9e66f81673c482d9ae6c425afe009644114605d0); a tagged patched release version is not independently confirmed from available data - consult the advisory at https://github.com/getredash/redash/security/advisories/GHSA-rfgc-hc86-pxrv for the official fixed release before upgrading. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-1000117 HIGH POC
8.8 Oct 05

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca

CVE-2024-52875 HIGH POC
8.8 Jan 31

GFI Kerio Control versions 9.2.5 through 9.4.5 contain an HTTP response splitting vulnerability in the dest parameter of

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2013-2248 MEDIUM POC
5.8 Jul 20

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to

CVE-2012-6499 MEDIUM POC
5.8 Jan 12

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows

CVE-2015-2863 MEDIUM POC
4.3 Jul 20

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 b

CVE-2017-3528 MEDIUM POC
5.4 Apr 24

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li

CVE-2012-0518 MEDIUM
4.7 Oct 16

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3

CVE-2024-21641 MEDIUM POC
6.5 Jan 05

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2015-5354 MEDIUM POC
5.8 Jul 01

Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites

CVE-2015-5461 MEDIUM POC
6.4 Jul 08

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for

CVE-2024-22891 CRITICAL POC
9.8 Mar 01

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. Rated crit

Share

EUVD-2026-44686 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy