CVE-2026-11477
MediumCVSS 4.3Summary
A vulnerability was detected in hs-web hsweb-framework up to version 5.0.1, affecting the OAuth2Client function. The manipulation results in open redirect, which can be exploited remotely.
Risk Assessment
This vulnerability poses a risk of enabling phishing attacks or other malicious activities, potentially leading to data loss or security breaches within the organization.
Recommendation
It is advised to apply the patch c2882679a9125cea52678151af5ae213cbd52579 to resolve this issue.
Original NVD description (English source)
A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in open redirect. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as c2882679a9125cea52678151af5ae213cbd52579. Applying a patch is advised to resolve this issue.

