CVE-2026-25651 in client-certificate-authinfo

Zusammenfassung

von MITRE • 06.02.2026

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

04.02.2026

Veröffentlichung

06.02.2026

Moderieren

akzeptiert

Eintrag

VDB-344735

CPE

bereit

CWE

CWE-601 (bestätigt)

CVSS

6.1 (CNA)

EPSS

0.00018

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25651
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25651
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25651/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!