modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 22.214.171.124 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidcvalidateredirecturl() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 126.96.36.199. Users unable to upgrade can mitigate the issue by configuring modauth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.