A vulnerability classified as problematic has been found in teableio teable up to 1.9.x. It affects an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx in the Sign-up component. Manipulating the argument redirect leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2026-9566. The attack can be carried out remotely, and an exploit exists.
The affected component should be upgraded.
The vendor confirms: “The default branch of teableio/teable is develop, and the reported login redirect issue has already been fixed there. The login redirect flow now validates the redirect parameter with isValidRedirectPath() before navigation, which blocks javascript:, data:, and cross-origin redirects.”
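
The vendor statement names three things the fix blocks: javascript:, data:, and cross-origin redirects. The TypeScript below is an added example of a check with that behaviour; it is not teable's isValidRedirectPath() or any code from the project. The names isSafeRedirectPath and resolveRedirect, the origin and the sample inputs are all assumptions constructed for illustration.

```typescript
// Added example: a hypothetical validator for a login "redirect" parameter.
// Not the project's isValidRedirectPath(); every name here is an assumption.

const ALLOWED_PROTOCOLS = ["http:", "https:"];

function isSafeRedirectPath(redirect: unknown, appOrigin: string): boolean {
  if (typeof redirect !== "string" || redirect.length === 0) return false;
  // URL parsers strip tabs/newlines and treat "\" like "/", so reject both
  // before any prefix test can be bypassed by them.
  if (/[\u0000-\u001f\u007f\\]/.test(redirect)) return false;
  // Accept only absolute paths on this site: "/x" passes, "//host" is
  // protocol-relative and "scheme:..." does not start with "/".
  if (redirect.charAt(0) !== "/" || redirect.charAt(1) === "/") return false;
  try {
    // Defence in depth: resolve the way the browser would and compare origins.
    const resolved = new URL(redirect, appOrigin);
    return (
      ALLOWED_PROTOCOLS.indexOf(resolved.protocol) !== -1 &&
      resolved.origin === new URL(appOrigin).origin
    );
  } catch (_err) {
    return false; // unparsable input is never a valid redirect target
  }
}

// Navigation code calls this instead of using the raw parameter.
function resolveRedirect(redirect: unknown, appOrigin: string, fallback: string = "/"): string {
  return isSafeRedirectPath(redirect, appOrigin) ? (redirect as string) : fallback;
}

// Constructed sample values (not taken from the advisory).
const APP_ORIGIN = "https://app.example.test";
const SAMPLES: string[] = [
  "/space/abc?view=grid",          // same-origin path
  "javascript:void(0)",            // script scheme
  "data:text/plain,hello",         // data scheme
  "https://other.example.test/",   // absolute cross-origin URL
  "//other.example.test/path",     // protocol-relative cross-origin
  "/\\other.example.test",         // backslash read as a slash by browsers
  "/\t/other.example.test",        // tab is stripped by the URL parser
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", resolveRedirect(s, APP_ORIGIN));
}
```

Only the first sample is passed through unchanged; every other value falls back to "/".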