HTTP Redirection Vulnerability in Apprise Notification Library
CVE-2026-59180
3.1LOW
What is CVE-2026-59180?
The Apprise notification library allows users to send alerts through various popular notification services. Prior to version 1.11.0, its HTTP-based plugins and configuration loaders redirected HTTP requests and inadvertently sent user-defined authentication information to malicious destinations. This flaw enabled attackers, whether through compromised trusted servers or other means, to intercept sensitive data, including authorization headers and service keys, significantly increasing the risk of unauthorized access. The issue has been addressed in version 1.11.0, which mitigates this risk.
Affected Version(s)
apprise < 1.11.0
