CVE-2026-10839

Description

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity.

References

• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager