CVE-2026-42207

Source
https://cve.org/CVERecord?id=CVE-2026-42207
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42207.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42207
Aliases
Published
2026-05-15T17:06:40.973Z
Modified
2026-07-08T08:13:14.457806603Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts
Details

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction() reads the uenc query parameter and passes it directly to $this->_redirectUrl($backUrl) without calling $this->isUrlInternal(). When the supplied productid does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to whatever URL was provided as uenc. This vulnerability is fixed in 20.18.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42207.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

Git / github.com/openmage/magento-lts

Affected ranges

Type
GIT
Repo
https://github.com/openmage/magento-lts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "20.18.0"
        }
    ]
}

Affected versions

1.*
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.2.0
1.2.0.1
1.2.0.2
1.2.0.3
1.2.1
1.2.1.2
1.3.0
1.3.1
1.3.1.1
1.3.2
1.3.2.1
1.3.2.2
1.3.2.3
1.3.2.4
1.4.0.0
1.4.0.0-alpha1
1.4.0.0-alpha2
1.4.0.0-alpha3
1.4.0.0-beta1
1.4.0.0-rc1
1.4.0.1
1.4.1.0
1.4.1.1
1.4.2.0
1.5.0.0
1.5.0.0-alpha1
1.5.0.0-alpha2
1.5.0.0-beta1
1.5.0.0-beta2
1.5.0.0-rc1
1.5.0.0-rc2
1.5.0.1
1.5.1.0
1.6.0.0
1.6.0.0-alpha1
1.6.0.0-beta1
1.6.0.0-rc1
1.6.0.0-rc2
1.6.1.0
1.7.0.0
1.7.0.1
1.7.0.2
1.8.1.0
1.9.0.0
1.9.0.1
1.9.1.0-lts
1.9.1.1
v19.*
v19.4.0
v19.4.1
v19.4.2
v19.4.3
v19.4.4
v20.*
v20.0.0
v20.0.1
v20.0.10
v20.0.11
v20.0.12
v20.0.13
v20.0.15
v20.0.16
v20.0.17
v20.0.18
v20.0.2
v20.0.3
v20.0.4
v20.0.5
v20.0.6
v20.0.7
v20.0.8
v20.1.0
v20.1.0-rc1
v20.1.0-rc2
v20.1.0-rc3
v20.1.0-rc4
v20.1.0-rc5
v20.1.0-rc6
v20.1.0-rc7
v20.1.1
v20.10.0
v20.10.1
v20.11.0
v20.12.0
v20.12.1
v20.12.2
v20.13.0
v20.14.0
v20.15.0
v20.16.0
v20.17.0
v20.2.0
v20.3.0
v20.4.0
v20.5.0
v20.6.0
v20.7.0
v20.8.0
v20.9.0
v21.*
v21.0.0-beta2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42207.json"