Vulnerability DatabaseCVE-2026-11477
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-11477
Published:June 08, 2026
Updated:June 11, 2026
A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in open redirect. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as c2882679a9125cea52678151af5ae213cbd52579. Applying a patch is advised to resolve this issue.
Related Resources (8)
https://github.com/hs-web/hsweb-framework/pull/355
https://vuldb.com/vuln/369097/cti
https://github.com/hs-web/hsweb-framework/
https://github.com/hs-web/hsweb-framework/commit/c2882679a9125cea52678151af5ae213cbd52579
https://vuldb.com/submit/833962
https://github.com/hs-web/hsweb-framework/issues/354
https://vuldb.com/cve/CVE-2026-11477
https://vuldb.com/vuln/369097
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Exploit Maturity
PROOF-OF-CONCEPT
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601
EPSS
Base Score:
0.03