PYSEC-2026-2552

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/kiwitcms/PYSEC-2026-2552.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2552
Aliases
Published
2026-07-13T15:46:28.941600Z
Modified
2026-07-13T16:31:47.786389777Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
Details

Summary

An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns targeting Kiwi TCMS users, as the malicious link originates from a trusted organizational hostname.

Impact

This is an open redirect vulnerability (CWE-601). Any unauthenticated attacker can exploit it against any user of a Kiwi TCMS deployment.

The primary risk is phishing. Because Kiwi TCMS is typically deployed as an internal tool for engineering and QA teams, a redirect from the organization's own hostname carries high implicit trust. An attacker can use this endpoint to: - Redirect victims to a credential-harvesting page styled to match the Kiwi TCMS or corporate SSO login. - Bypass email security filters and link-reputation checks that allowlist the organization's domain. - Distribute malware via a convincing "confirm your account" lure.

References

Affected packages

PyPI / kiwitcms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
12.4

Affected versions

6.*
6.2.1
6.3
6.4
6.5
6.5.3
6.6
6.7
6.8
6.9
6.10
6.11
7.*
7.0
7.1
7.2
7.2.1
7.3
8.*
8.0
8.1
8.1.99
8.2
8.3
8.4
8.5
8.6
8.6.1
8.7
8.8
8.9
9.*
9.0
9.999
10.*
10.0
10.1
10.2
10.3
10.3.999
10.4
10.5
11.*
11.0
11.1
11.3
11.4
11.5
11.6
11.7
12.*
12.0
12.1
12.2
12.3
12.4

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/kiwitcms/PYSEC-2026-2552.yaml"