Lucene search
K

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login

🗓️ 26 May 2026 13:30:50Reported by GitHub Advisory DatabaseType 
github
 github
🔗 github.com👁 3 Views

Apache Shiro Jakarta EE module allows redirect target manipulation via Referer header during login.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-48589
25 May 202620:20
attackerkb
Circl
CVE-2026-48589
26 May 202608:59
circl
CNNVD
Apache Shiro 安全漏洞
25 May 202600:00
cnnvd
CVE
CVE-2026-48589
25 May 202620:20
cve
Cvelist
CVE-2026-48589 Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow
25 May 202620:20
cvelist
Debian CVE
CVE-2026-48589
25 May 202620:20
debiancve
EUVD
EUVD-2026-31738
25 May 202620:20
euvd
NVD
CVE-2026-48589
25 May 202621:16
nvd
OSV
UBUNTU-CVE-2026-48589
25 May 202621:16
osv
Positive Technologies
PT-2026-43121
25 May 202600:00
ptsecurity
Rows per page
Vulners
Node
org.apache.shiroshiro-jakarta-eeRange3.0.0-alpha-03.0.0-alpha-2maven
OR
org.apache.shiroshiro-jakarta-eeRange2.0-alpha2.2.1maven

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Jul 2026 21:42Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.15.4
EPSS0.00352
SSVC
3