Back to overview

CVE-2026-59180

LOW Exploitation: PoC
3.1
CVSS 3.1
Description
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0.

Metadata

CVE ID
CVE-2026-59180
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-07-02 19:53 UTC
Published
2026-07-10 16:02 UTC
Last updated
2026-07-10 16:54 UTC
Primary CWE
CWE-200
CWE-200: Exposure of Sensitive Information to an Unauthorize…
Vendor / Product
caronc / apprise
Sources
cve.org  ·  NVD

Severity & Metrics

3.1 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
caronc apprise < 1.11.0
Weakness (CWE)
CWESourceDescription
CWE-200 cna CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-601 cna CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVSS scores (1)
ScoreSeverityVersionSourceVector
3.1 LOW 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
References (4)
Back to overview