Search

Find a vulnerability

Search criteria

    2 vulnerabilities by tgies

    CVE-2026-25651 (GCVE-0-2026-25651)

    Vulnerability from nvd – Published: 2026-02-06 18:50 – Updated: 2026-02-09 15:28
    VLAI
    Title
    client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
    Summary
    client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    tgies client-certificate-auth Affected: >= 0.2.1, < 1.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T15:19:32.286725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T15:28:48.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "client-certificate-auth",
              "vendor": "tgies",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.2.1, \u003c 1.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T18:50:26.046Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4"
            },
            {
              "name": "https://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0"
            }
          ],
          "source": {
            "advisory": "GHSA-m4w9-gch5-c2g4",
            "discovery": "UNKNOWN"
          },
          "title": "client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25651",
        "datePublished": "2026-02-06T18:50:26.046Z",
        "dateReserved": "2026-02-04T05:15:41.792Z",
        "dateUpdated": "2026-02-09T15:28:48.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25651 (GCVE-0-2026-25651)

    Vulnerability from cvelistv5 – Published: 2026-02-06 18:50 – Updated: 2026-02-09 15:28
    VLAI
    Title
    client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect
    Summary
    client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    tgies client-certificate-auth Affected: >= 0.2.1, < 1.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T15:19:32.286725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T15:28:48.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "client-certificate-auth",
              "vendor": "tgies",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.2.1, \u003c 1.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T18:50:26.046Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4"
            },
            {
              "name": "https://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0"
            }
          ],
          "source": {
            "advisory": "GHSA-m4w9-gch5-c2g4",
            "discovery": "UNKNOWN"
          },
          "title": "client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25651",
        "datePublished": "2026-02-06T18:50:26.046Z",
        "dateReserved": "2026-02-04T05:15:41.792Z",
        "dateUpdated": "2026-02-09T15:28:48.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }