Cross-Host Redirect Vulnerability in Nitro Server Toolkit
CVE-2026-44372
5.3 MEDIUM
What is CVE-2026-44372?
The Nitro Server Toolkit, a next-generation server framework, contains a vulnerability in redirect route rules that use wildcard rewrites. By inserting an additional slash in the redirect rule, an attacker can trigger a cross-host redirect, potentially leading to unauthorized data access or phishing attacks. The issue is resolved in version 3.0.260429-beta; upgrade to the latest version.
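The following is an added example, not Nitro's code: a simplified model of a wildcard redirect rule showing why an extra slash matters and one way to keep the expanded target on the intended host. The rule shape (`from`/`to`), the function names, and the `.example` hosts are assumptions constructed for illustration.

```javascript
// Simplified model of a wildcard redirect rule ("/legacy/**" -> "/**").
// Hypothetical names; this is NOT Nitro's implementation.
const sampleRule = { from: "/legacy/", to: "/**" }; // constructed sample rule
const sampleOrigin = "https://app.example";         // constructed sample origin

// Naive expansion: whatever ** matched is appended to the target unchanged.
// A matched part that begins with "/" yields a target starting with "//",
// which clients resolve as a protocol-relative URL on another host.
function expandNaive(rule, requestPath) {
  const rest = requestPath.slice(rule.from.length); // text matched by **
  return rule.to.slice(0, -2) + rest;
}

// True when a Location value, resolved against origin, points elsewhere.
function isCrossHost(location, origin) {
  return new URL(location, origin).origin !== new URL(origin).origin;
}

// Hardened expansion:
//  1. collapse runs of "/" and "\" in the matched part (URL parsers treat
//     "\" like "/" for http/https) and drop its leading slash;
//  2. resolve the result and require the origin the rule itself points at,
//     so an intentionally cross-host rule still works but the request path
//     can never change the destination host.
function expandSafe(rule, requestPath, origin) {
  const prefix = rule.to.slice(0, -2);
  const rest = requestPath
    .slice(rule.from.length)
    .replace(/[\\/]+/g, "/")
    .replace(/^\//, "");
  const target = prefix + rest;
  const intended = new URL(prefix, origin).origin;
  if (new URL(target, origin).origin !== intended) {
    throw new Error("redirect target leaves intended origin: " + target);
  }
  return target;
}
```

The same `isCrossHost` check can be run in a regression test against every configured wildcard redirect rule to confirm that request paths with doubled slashes stay on-origin after an upgrade.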
Affected Version(s)
nitro < 3.0.260429-beta
nitropack < 2.13.4
