CVE-2026-34931

Published: Apr 02, 2026 Last Modified: Apr 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: active

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Other

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Other

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Low

View CWE Details

https://github.com/hoppscotch/hoppscotch/releases/tag/2026.…

https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0

https://github.com/hoppscotch/hoppscotch/security/advisorie…

https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7fg7-wx5q-6m3v

CVE-2026-34931

Description

URL Redirection to Untrusted Site ('Open Redirect')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter