CVE Catalog

CVE-2026-10837

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Summary

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker.

Risk Assessment

The risk to the organization involves the potential for phishing or deception attacks, which could lead to a loss of user trust and potential financial losses.

Recommendation

It is recommended to implement proper validation mechanisms for the X-Forwarded-Host header and to monitor links submitted by users.

Original NVD description (English source)

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS