CVE-2026-10839

Summary

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
Password ManagerPassword Manager0 < 08/07/2025affected
Password ManagerPassword Manager08/07/2025unaffected

Weaknesses

  • CWE-601: CWE-601 URL redirection to untrusted site ('open redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References