CVE-2026-10837
MediumCVSS 5.1Summary
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker.
Risk Assessment
The risk to the organization involves the potential for phishing or deception attacks, which could lead to a loss of user trust and potential financial losses.
Recommendation
It is recommended to implement proper validation mechanisms for the X-Forwarded-Host header and to monitor links submitted by users.
Original NVD description (English source)
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity.

