CVE-2026-41513

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: active

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Other

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Other

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Low

View CWE Details

https://github.com/horilla/horilla-hr/commit/734f0c7ed4ac96…

https://github.com/horilla/horilla-hr/commit/734f0c7ed4ac96fe8615d1b592180ea8a4…

https://github.com/horilla/horilla-hr/security/advisories/G…

https://github.com/horilla/horilla-hr/security/advisories/GHSA-vqg4-fc32-cwvw

CVE-2026-41513

Description

URL Redirection to Untrusted Site ('Open Redirect')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter