Open Redirect in Password Manager
CVE-2026-10839
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users…
Vulnerability class: Open Redirect
Affected products
- Password Manager — versions 0, 08/07/2025
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)