CVE-2026-34847

Published: Apr 02, 2026 Last Modified: Apr 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in version 2026.3.0.

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Other

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Other

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Low

View CWE Details

https://github.com/hoppscotch/hoppscotch/releases/tag/2026.…

https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0

https://github.com/hoppscotch/hoppscotch/security/advisorie…

https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-27pm-c9ch-746q

CVE-2026-34847

Description

URL Redirection to Untrusted Site ('Open Redirect')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter