CVE-2026-2709 | busy up to 2.5.5 Callback app.js state redirect (Issue 2287)

A vulnerability was found in busy up to 2.5.5. It has been declared as problematic. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect.

This vulnerability is registered as CVE-2026-2709. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2709 | busy up to 2.5.5 Callback app.js state redirect (Issue 2287)

Post correlati

CVE-2025-10467 | Proliz OBS Student Affairs Information System prior 25.0401 cross site scripting

CVE-2018-9386 | Google Android HTC reboot_block Driver reboot_block_command stack-based overflow

CVE-2024-3812 | ThemeNectar Salient Core Plugin up to 2.0.7 on WordPress Shortcode nectar_icon filename control

CVE-2025-23219 | LabRedesCefetRJ WeGIA up to 3.2.9 adicionar_cor.php sql injection