CVE-2026-44372

Published: Mag 13, 2026 Last Modified: Mag 14, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0004

Percentile

0,1th

Updated

EPSS Score Trend (Last 7 Days)

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Other

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Other

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Low

View CWE Details

https://github.com/nitrojs/nitro/pull/4236

https://github.com/nitrojs/nitro/releases/tag/v2.13.4

https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-b…

https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta

https://github.com/nitrojs/nitro/security/advisories/GHSA-9…

https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m

CVE-2026-44372

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 7 Days)

URL Redirection to Untrusted Site ('Open Redirect')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter