HTTP Redirection Vulnerability in Apprise Notification Library
CVE-2026-59180

3.1LOW

Key Information:

Vendor

Caronc

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-59180?

The Apprise notification library allows users to send alerts through various popular notification services. Prior to version 1.11.0, its HTTP-based plugins and configuration loaders redirected HTTP requests and inadvertently sent user-defined authentication information to malicious destinations. This flaw enabled attackers, whether through compromised trusted servers or other means, to intercept sensitive data, including authorization headers and service keys, significantly increasing the risk of unauthorized access. The issue has been addressed in version 1.11.0, which mitigates this risk.

Affected Version(s)

apprise < 1.11.0

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.