React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect. !NOTE This does not impact your React Router application if you are using Declarative Mode...

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

EUVD-2026-30491

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

GHSA-V8VW-GW5J-W7M6 MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

GHSA-FP4X-GGRF-WMC6 H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...