CVE-2026-58450
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
Invoice Ninja up to version 5.13.26 contains an open redirect vulnerability in the client portal login. An unauthenticated attacker can redirect an authenticated victim to an attacker-controlled external URL by injecting a malicious value into the intended query parameter.
Risk Assessment
The risk involves the possibility of a phishing attack against authenticated users, potentially leading to theft of login credentials or other sensitive information.
Recommendation
Immediately update Invoice Ninja to a version later than 5.13.26 that includes a fix for this vulnerability. Until the update is applied, restrict access to the client portal login and implement server-side redirect validation.
Original NVD description (English source)
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a client login link with an external URL in the intended parameter, which is stored in the session without host validation and emitted verbatim via a bare redirect in the ContactLoginController authenticated() handler after the victim completes a legitimate login, enabling phishing attacks.

