CVE-2026-27191

EPSS 0.25%
Veröffentlicht 21.02.2026 03:23:28
Zuletzt bearbeitet 25.02.2026 15:12:58
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Feathers: Open Redirect in OAuth callback enables account takeover

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to full account takeover, as the attacker obtains the victim's access token and can impersonate them. The application constructs the final redirect URL by concatenating the base origin with the user-supplied redirect parameter. This is exploitable when the origins array is configured and origin values do not end with /. An attacker can supply @attacker.com as the redirect value results in https://target.com@attacker.com#access_token=..., where the browser interprets attacker.com as the host, leading to full account takeover. This issue has been fixed in version 5.0.40.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Feathersjs ≫ Feathers SwPlatformnode.js Version < 5.0.40

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.164

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	7.4	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/feathersjs/feathers/security/advisories/GHSA-ppf9-4ffw-hh4p

Third Party Advisory

https://github.com/feathersjs/feathers/commit/ee19a0ae9bc2ebf23b1fe598a1f7361981b65401

Patch

https://github.com/feathersjs/feathers/releases/tag/v5.0.40

Product

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-27191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27191

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27191