Back to overview

CVE-2026-12379

MEDIUM
6.8
CVSS 4.0
Description
An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow.

Metadata

CVE ID
CVE-2026-12379
State
PUBLISHED
Assigner
TQtC
Reserved
2026-06-16 09:08 UTC
Published
2026-07-16 15:32 UTC
Last updated
2026-07-16 15:58 UTC
Primary CWE
CWE-601
CWE-601 URL redirection to untrusted site ('open redirect')
Vendor / Product
Qt / Axivion
Sources
cve.org  ·  NVD

Severity & Metrics

6.8 MEDIUM CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Qt Axivion 7.8.0 ≤ 7.8.12, 7.9.0 ≤ 7.9.12, 7.10.0 ≤ 7.10.10, 7.11.0 ≤ 7.11.6 …
Weakness (CWE)
CWESourceDescription
CWE-601 cna CWE-601 URL redirection to untrusted site ('open redirect')
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.8 MEDIUM 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M
Back to overview