Open Redirect in Cradle E-commerce
CVE-2026-3318
Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a URL a…
Vulnerability class: Open Redirect
EPSS: 0.000 (4.6th percentile)
Affected products
- Cradle E-commerce: latest demo version