CVE-2026-42195

Published: Mag 09, 2026 Last Modified: Mag 09, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,4
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's 'Authorize in GitLab' dialog to open a popup on the attacker-controlled host instead of gitlab.com. This can lead to credential fishing and session state token exfiltration. This issue has been patched in version 29.7.9.

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
601

URL Redirection to Untrusted Site ('Open Redirect')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Other
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Other
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Low
View CWE Details
https://github.com/jgraph/drawio/issues/493
https://github.com/jgraph/drawio/issues/493
https://github.com/jgraph/drawio/releases/tag/v29.7.9
https://github.com/jgraph/drawio/releases/tag/v29.7.9
https://github.com/jgraph/drawio/security/advisories/GHSA-8…
https://github.com/jgraph/drawio/security/advisories/GHSA-8x7j-m8px-7p8x