A vulnerability was found in CakePHP up to 2.11.0/3.3.5/4.1.0. It has been rated as problematic. This issue affects the function
getLoginRedirect of the component Authentication. This manipulation of the argument redirect causes open redirect.
This vulnerability appears as CVE-2026-55590. The attack may be initiated remotely. There is no available exploit.