GHSA-3573-4c68-g8cc

Source

https://github.com/advisories/GHSA-3573-4c68-g8cc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-3573-4c68-g8cc/GHSA-3573-4c68-g8cc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3573-4c68-g8cc

Aliases

CVE-2026-22032

Published

2026-01-06T19:22:38Z

Modified

2026-02-03T03:15:39.368842Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Directus has open redirect in SAML

Details

Security Advisory: Open Redirect in Directus SAML Authentication

Summary

An open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The RelayState parameter is used in redirects without proper validation against an allowlist of permitted domains.

Vulnerability Description

During SAML authentication, the RelayState parameter is intended to preserve the user's original destination. However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL upon completion.

The vulnerability is present in both the success and error handling paths of the callback.

Impact

Phishing: Users can be redirected to attacker-controlled sites that mimic legitimate login pages
Credential theft: Chained attacks may leverage the redirect to capture OAuth tokens or authorization codes
Trust erosion: Users may lose confidence in the application's security posture

This vulnerability can be exploited without authentication.

Database specific

{
    "github_reviewed_at": "2026-01-06T19:22:38Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ],
    "nvd_published_at": "2026-01-08T15:15:45Z",
    "severity": "MODERATE"
}

References

Affected packages

npm / directus

Package

Name: directus; View open source insights on deps.dev
Purl: pkg:npm/directus

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.14.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-3573-4c68-g8cc/GHSA-3573-4c68-g8cc.json"

npm / @directus/api

Package

Name: @directus/api; View open source insights on deps.dev
Purl: pkg:npm/%40directus/api

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

32.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-3573-4c68-g8cc/GHSA-3573-4c68-g8cc.json"