CVE-2026-25651

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25651

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25651.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25651

Aliases

GHSA-m4w9-gch5-c2g4

Published

2026-02-06T18:50:26.046Z

Modified

2026-02-26T00:37:45.728319Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Details

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-601"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25651.json"
}

References

Affected packages

Git / github.com/tgies/client-certificate-auth

Affected ranges

Type: GIT
Repo: https://github.com/tgies/client-certificate-auth
Events: Introduced

2daf0d8be0f108485627eac3343e790a74a2b4a9

Fixed

ddbd4ab52bc5c73ad73defdcdff059e1d48409bd

Affected versions

0.*

0.2.1

0.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25651.json"