2 matches found
CVE-2026-35410
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed function fails to correctly identify certain malformed URLs as external, allowing attackers to bypass...
@altipla/directus-sdk-utils (=0.7.2), @devix-tecnologia/utils-ts (=1.0.0) +5 more potentially affected by CVE-2026-35410 via directus (>=10.10.0 <=11.16.0)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35410 Source advisory: OSV:GHSA-CF45-HXWJ-4CFJ...