Description
CWE-601 URL redirection to untrusted site ('open redirect')
Published: 2026-05-14
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability permits an attacker to craft a URL that forces the ntopng application to redirect users to an arbitrary, untrusted site. This open redirect can be used for phishing, social engineering, or to lure users into malicious domains, compromising the integrity of the user experience but not directly granting code execution or data exfiltration. The weakness is identified as CWE‑601.

Affected Systems

It affects the ntopng product from the ntop vendor. Specific affected versions are not listed, but the announced remedy is to upgrade to the latest available release.

Risk and Exploitability

With a CVSS score of 4.3 the vulnerability is rated Medium severity, and the EPSS score is below 1% (Very Low). It is not listed in the CISA KEV catalog. The likely attack vector involves a remote user clicking a manipulated link or visiting a URL that triggers ntopng's redirect logic. While an attacker cannot directly hijack a session or execute code, the ability to redirect users to malicious sites increases the risk of phishing and user confusion. Acting on the vendor's recommendation to update mitigates the risk entirely.

Generated by OpenCVE AI on May 14, 2026 at 18:35 UTC.

Remediation

Vendor Solution

Update to latest version.


OpenCVE Recommended Actions

  • Upgrade ntopng to the latest supported version per the vendor's release notes
  • Ensure that any redirect parameters are validated against a whitelist of trusted domains on the server side
  • Disable or remove the redirect feature if it is not required for business needs
  • Consider implementing a web application firewall rule set to flag unexpected redirect requests

Generated by OpenCVE AI on May 14, 2026 at 18:35 UTC.

Advisories

No advisories yet.

History

Thu, 14 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ntop; Ntop ntopng
Vendors & Products | | Ntop; Ntop ntopng

Thu, 14 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 May 2026 17:00:00 +0000

Type | Values Removed | Values Added
Description | | CWE-601 URL redirection to untrusted site ('open redirect')
Title | | ntopng - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Weaknesses | | CWE-601
References | |
Metrics | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: INCD

Published:

Updated: 2026-05-14T18:35:32.924Z

Reserved: 2026-05-12T15:11:23.921Z

Link: CVE-2026-45448

Vulnrichment

Updated: 2026-05-14T18:35:27.417Z

NVD

Status: Awaiting Analysis

Published: 2026-05-14T17:16:23.640

Modified: 2026-05-14T18:24:08.747

Link: CVE-2026-45448

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T20:15:06Z

Weaknesses