CVE-2026-34931
CRITICAL 9.6
Description
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to take over their account. This issue has been patched in version 2026.3.0.
CVE details
CVSS v3.1 score: 9.6
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 4/2/2026
Last modified: 4/15/2026
Source: nvd
Honeypot sightings: 0
Affected products
hoppscotch:hoppscotch
Weaknesses (CWE)
CWE-601
References
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0 (security-advisories@github.com)
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-7fg7-wx5q-6m3v (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.