Open Redirect in Password Manager
CVE-2026-10837
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the att…
Vulnerability class: Open Redirect
Affected products
- Password Manager — versions 0, 08/07/2025
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)