Open Redirect in Hoppscotch

CVE-2026-34931

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their accoun…

Vulnerability class: Open Redirect

EPSS: 0.000 (6.3th percentile) — read the EPSS interpretation.

Affected products

Hoppscotch — versions < 2026.3.0

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7fg7-wx5q-6m3v (x_refsource_CONFIRM)
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0 (x_refsource_MISC)