2 matches found
CVE-2026-55590
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in the getLoginRedirect function. An attacker can redirect users to an attacker-controlled hostname by exploiting a backslash bypass in the redirect target. Remediation Upgrade cakephp/authentication to version 3.3.6, 4.1....