Open Redirection Vulnerability in Authentication System of Specific Application
CVE-2026-10839

5.1MEDIUM

Key Information:

Vendor: Password Manager
Status: Password Manager
Vendor: CVE Published:; 17 June 2026

🔔 Create Password Manager Vulnerability Alert

What is CVE-2026-10839?

This vulnerability allows attackers to manipulate the X-Forwarded-Host header, leading to open redirection issues. By exploiting this flaw, an attacker can redirect authenticated users to malicious websites after they have completed login procedures or interacted with the application interface. Such attacks can compromise user experience and potentially expose users to phishing threats, although the direct impact on data confidentiality and integrity is limited.

Affected Version(s)

Password Manager 0 < 08/07/2025

Password Manager 08/07/2025

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

patch

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 4, 2026

CVE-2026-10839 Data

JSON