Impact
Directus, a real-time API and dashboard for SQL databases, did not send a Cross-Origin-Opener-Policy (COOP) header on its Single Sign-On login pages before version 11.17.0. Without COOP, a malicious cross-origin window that opens the Directus login tab keeps its reference to that tab and can read and write properties of the login page's window object. An attacker can use that access to intercept the OAuth authorization flow and redirect it to a malicious OAuth client, so the victim unknowingly grants the attacker access to their authentication provider account, such as Google or Discord.
Affected Systems
The vulnerability affects instances of Directus running any version prior to 11.17.0. Operators of the product named in the CNA entry (Directus Inc.) should review their deployments to confirm whether SSO login pages are exposed. No specific sub-versions are enumerated, so all releases before the patch should be considered at risk.
Risk and Exploitability
The computed CVSS score of 8.7 indicates a high-severity flaw with a substantial impact on confidentiality and integrity. The lack of an EPSS score or KEV listing suggests that there is currently no widespread exploitation evidence, yet the vulnerability is trivially exploitable by any site that can open the Directus SSO login in a cross-origin context. An attacker would need to entice a user to visit a malicious page that opens, manipulates, and then redirects the OAuth flow, which places this vulnerability in the category of social-engineering and web-page manipulation attacks.
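As an added example that is not part of this advisory or of Directus's own code, the following Node.js snippet shows the defender-side check and fix: assessCoop() reports whether a response's headers carry a COOP value that severs a cross-origin opener's window reference, and withCoop() is an Express-style middleware that sets the header on SSO login routes. The /auth/login/ route prefix and the Express-style req/res shape are assumptions.

```javascript
// Added example (not Directus code). Checks for, and adds, the COOP header
// whose absence lets a cross-origin opener keep a handle on the login window.

// COOP values that move the document into its own browsing-context group,
// so a cross-origin window that opened it loses access to its window object.
const ISOLATING_COOP = new Set(["same-origin", "same-origin-allow-popups"]);

// headers: plain object such as http.IncomingMessage.headers (any key case).
// Returns { isolated, reason } describing whether a cross-origin opener is cut off.
function assessCoop(headers) {
  const entry = Object.entries(headers).find(
    ([name]) => name.toLowerCase() === "cross-origin-opener-policy"
  );
  if (!entry) {
    return { isolated: false, reason: "COOP header absent (browser default is unsafe-none)" };
  }
  // Tolerate parameters such as `same-origin; report-to="coop"`.
  const value = String(entry[1]).split(";")[0].trim().toLowerCase();
  if (ISOLATING_COOP.has(value)) {
    return { isolated: true, reason: `COOP ${value} isolates the document` };
  }
  return { isolated: false, reason: `COOP value "${value}" does not isolate` };
}

// Assumed prefix of the SSO login pages; adjust to the deployment's routes.
const SSO_LOGIN_PREFIX = "/auth/login/";

// Express-style middleware: every SSO login response gets an isolating COOP.
function withCoop(req, res, next) {
  if (req.path.startsWith(SSO_LOGIN_PREFIX)) {
    res.setHeader("Cross-Origin-Opener-Policy", "same-origin");
  }
  next();
}

// Minimal stand-in for an Express request/response so the middleware runs
// offline; returns the headers it set and whether the next handler was reached.
function simulateRequest(path) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  let reached = false;
  withCoop({ path }, res, () => { reached = true; });
  return { headers, reached };
}
```

Running assessCoop() over the headers of a real GET of each login page (for example with fetch() in Node 18+) gives a quick post-patch check that the header is actually reaching the browser through any reverse proxy in front of Directus.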