Open Redirect Vulnerability in Redash Data Visualization Tool
CVE-2026-33213
6.1MEDIUM
What is CVE-2026-33213?
The Redash data visualization platform contains a vulnerability in its authentication module. Specifically, the get_next_path() function fails to properly normalize multiple leading slashes in user-supplied next parameters. This oversight allows an attacker to craft a malicious login URL that could redirect authenticated users to an external, malicious site, consequently compromising user data and security.
Affected Version(s)
redash >= 5.0.2, <= 26.3.0
