CyberRota
← Ana sayfaya dön

CVE-2026-58450

MEDIUM · CVSS 4.3 EPSS %0.18 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-30T22:16:58.530 · Çekilme zamanı: 2026-07-15T12:04:22.359309+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-58450
Severity
MEDIUM
CVSS
4.3
EPSS
%0.18

Orijinal NVD Açıklaması

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a client login link with an external URL in the intended parameter, which is stored in the session without host validation and emitted verbatim via a bare redirect in the ContactLoginController authenticated() handler after the victim completes a legitimate login, enabling phishing attacks.