By weakness (CWE)

CWE-601: related vulnerabilities

CVEs classified under CWE-601. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

5 published vulnerabilities

  • CVE-2026-40961HIGH 7.2

    Apache Airflow contains a flaw in its login redirect mechanism that allows authenticated users to redirect people to malicious websites. The vulnerability exists because the URL safety check (`is_safe_url`) can be circumvented through crafted URLs, enabling attackers to potentially harvest credentials or distribute malware by making the redirect appear to come from a trusted Airflow instance. Any organization running Airflow and allowing authentication should treat this as a priority.

  • CVE-2026-10856MEDIUM 6.1

    MISP dashboard widgets contain a URL validation flaw that allows attackers to craft malicious buttons appearing to link within the application while actually redirecting users to external sites. The vulnerability stems from incomplete validation that accepts paths like '/\example.com', which browsers may normalize into scheme-relative URLs pointing to attacker-controlled domains. An attacker with dashboard configuration access can embed these crafted buttons to redirect legitimate users, creating phishing and credential-theft opportunities.

  • CVE-2026-10861MEDIUM 6.1

    MISP, a widely-used threat intelligence sharing platform, contains an open redirect vulnerability in its post-login redirect logic. When a user logs in, the application redirects them to a URL stored in the session without properly validating that the destination is actually part of the MISP application. An attacker can craft a malicious link that tricks users into visiting their legitimate MISP instance, then redirects them to an attacker-controlled website after they authenticate. This could be weaponized for phishing by appearing to come from a trusted source or to deliver malware from a domain the victim might not otherwise visit.

  • CVE-2026-40181MEDIUM 6.1

    React Router, a widely-used navigation library for React applications, contains an open redirect vulnerability in specific versions. When certain URLs are passed to the redirect function, the library can inadvertently send users to an external website controlled by an attacker. This happens because paths beginning with double slashes (//) are misinterpreted as protocol-relative URLs, allowing an attacker to craft a malicious URL that bypasses the intended redirect destination. The vulnerability only affects applications using the programmatic redirect function; applications built with React Router's declarative mode (using <BrowserRouter>) are not impacted. The severity of the risk depends on how thoroughly the application validates URLs before redirecting.

  • CVE-2026-41569MEDIUM 6.1

    authentik, an open-source identity provider, contains a URL validation flaw in its WS-Federation provider that allows attackers to redirect users' login credentials to attacker-controlled domains. The vulnerability stems from incomplete validation of the wreply parameter—a redirect URL used after authentication. An attacker can craft a malicious login link where the wreply parameter points to a lookalike domain (for example, https://portal.example.com.evil.tld/) that bypasses the validation check, tricking users into sending their signed authentication response to the attacker instead of the legitimate application. This affects authentik versions prior to 2026.2.3.