CVE-2026-11477 | hs-web hsweb-framework up to 5.0.1 OAuth2 Client OAuth2Client.java OAuth2Client redirect (Issue 354)

Inserito da Angelo Barbosa | Giu 7, 2026 | CVE

A vulnerability classified as problematic was found in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in open redirect.

This vulnerability is identified as CVE-2026-11477. The attack can be executed remotely. Additionally, an exploit exists.

Applying a patch is advised to resolve this issue.

CVE-2026-11477 | hs-web hsweb-framework up to 5.0.1 OAuth2 Client OAuth2Client.java OAuth2Client redirect (Issue 354)

Post correlati

CVE-2026-7019 | Tenda F456 1.0.0.5 /goform/P2pListFilter fromP2pListFilter menufacturer/Go buffer overflow

CVE-2023-52100 | Huawei HarmonyOS 4.0.0 Celia Keyboard Module access control

CVE-2024-35182 | Meshery up to 0.7.21 API /api/v2/events sql injection (GHSL-2024-013)

CVE-2024-43242 | azzaroco Ultimate Membership Pro Plugin up to 12.6 on WordPress deserialization