6.1
CVE-2026-25651
- EPSS 0.01%
- Published 06.02.2026 19:16:09
- Last modified 24.02.2026 21:00:44
- Source security-advisories@github.com
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.
Data provided by the National Vulnerability Database (NVD)
Tgies ≫ Client-certificate-auth, SwPlatform node.js, Version >= 0.2.1 < 1.0.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.026 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
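
The redirect pattern named in the description and in the CWE-601 entry above, next to a hardened form, as an added example (not code from client-certificate-auth or from the advisory). The function names, the allowlist and the sample requests are constructed assumptions; the hardened variant always redirects to the default HTTPS port.

```javascript
'use strict';
// Added example; hypothetical code, not the source of client-certificate-auth.
// Request objects mimic Node's http.IncomingMessage ({ headers, url }).

// Pattern the advisory describes: the redirect target is built directly
// from the client-supplied Host header, so the client chooses the domain.
function redirectTargetUnsafe(req) {
  return 'https://' + req.headers.host + req.url;
}

// Hardened form: the Host header only selects an entry from an
// operator-configured allowlist; an unknown or malformed host yields null.
function redirectTargetSafe(req, allowedHosts) {
  const raw = String(req.headers.host || '').toLowerCase();
  // Accept only hostname[:port]; rejects userinfo, slashes, whitespace, CR/LF.
  const m = /^([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::\d{1,5})?$/.exec(raw);
  if (!m || !allowedHosts.has(m[1])) return null; // caller should answer 400
  // Forward only origin-form paths; anything else falls back to "/".
  const path = typeof req.url === 'string' && req.url.startsWith('/') ? req.url : '/';
  return 'https://' + m[1] + path;
}

// Constructed allowlist and sample requests.
const ALLOWED = new Set(['app.example.com']);
const samples = [
  { headers: { host: 'app.example.com' }, url: '/login?next=%2Fhome' },
  { headers: { host: 'app.example.com:8080' }, url: '/a' },
  { headers: { host: 'attacker.example' }, url: '/login' },
  { headers: {}, url: '/' },
];
for (const req of samples) {
  console.log(
    JSON.stringify(req.headers.host),
    '| unsafe:', redirectTargetUnsafe(req),
    '| safe:', redirectTargetSafe(req, ALLOWED)
  );
}
```

When `redirectTargetSafe` returns null, the server should reject the request (for example with status 400) instead of issuing any redirect.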