CVE-2026-10837

Description

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity.

References

• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager