Home

Description

Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the URL scheme is validated (blocking javascript: and data:) but the destination host is not restricted to an allowlist, and a signing.BadSignature exception is silently caught so a valid signed token is not required.

PUBLISHED Reserved 2026-06-24 | Published 2026-06-24 | Updated 2026-06-24 | Assigner Secur0




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Problem types

CWE-601 URL redirection to untrusted site ('open redirect')

Product status

Default status
unaffected

Any version before 1.0.1
affected

Credits

Dario Rivas Quero from Secur0 security team finder

Cristian Fernandez Cornejo from Secur0 security team finder

Mario Alvarez Fernandez remediation developer

Xoan M. Otero Jorge analyst

Secur0 CNA coordinator

References

github.com/...ommit/99eb6d4586134bf3f4422093fbf47d6794ef0ee5 patch

cve.org (CVE-2026-13163)

nvd.nist.gov (CVE-2026-13163)

Download JSON