Open redirect in Icinga Web 2 - #VU136935
Published: July 6, 2026
Icinga Web 2
Detailed vulnerability description
The vulnerability allows a remote user to redirect users to an arbitrary site.
The vulnerability exists due to url redirection to an untrusted site in the login page when handling a crafted login URL. A remote user can craft a malicious URL to redirect users to an arbitrary site.
The victim must visit the crafted URL, and exploitation succeeds only when the victim's locale is different from en_US.