CVE-2026-30346
Open Redirect in hunvreus DevPush /api/google/authorize Endpoint
Publication date: 2026-04-27
Last updated on: 2026-04-27
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hunvreus | devpush | 0.3.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to several negative impacts including information disclosure and enabling phishing or social engineering attacks.
Because users trust the DevPush domain, attackers can exploit this trust to redirect users to malicious websites that may steal credentials or deliver malware.
The vulnerability is remotely exploitable and can affect any user who clicks on a crafted malicious link.
Can you explain this vulnerability to me?
CVE-2026-30346 is an open redirect vulnerability found in DevPush version 0.3.2, specifically in the /api/google/authorize endpoint.
This vulnerability allows attackers to craft a malicious URL that, when visited by a user, redirects them from the trusted DevPush domain to an attacker-controlled site.
The attack works by supplying a specially crafted URL parameter (e.g., next=https://attacker-domain) that causes the application to redirect the user to a malicious external site.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for requests to the /api/google/authorize endpoint whose 'next' parameter points to an external or suspicious domain.
A simple way to detect potential exploitation attempts is to search your web server logs or network traffic for URLs matching the pattern: /api/google/authorize?next=https://<external-domain>/
Example commands to search logs for suspicious redirect attempts (assuming Apache or Nginx access logs; note that the 'next' value is often percent-encoded, so also match on `next=https%3A%2F%2F` and `next=%2F%2F`):
- `grep "/api/google/authorize?next=" /var/log/nginx/access.log`
- `grep "/api/google/authorize?next=" /var/log/apache2/access.log`
You can also use network monitoring tools or intrusion detection systems to alert on outbound HTTP redirects to untrusted domains originating from this endpoint.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or validating the 'next' parameter in the /api/google/authorize endpoint to prevent open redirects.
If possible, update or patch DevPush to a version where this vulnerability is fixed. However, no specific patch or fix version is mentioned in the provided resources.
As a temporary workaround, you can implement input validation or filtering on the server side to ensure that the 'next' parameter only allows internal URLs or trusted domains.
Additionally, inform users about the risk of phishing attacks exploiting this vulnerability and advise caution when clicking on links that redirect through the affected endpoint.
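The detection and mitigation answers above both come down to one decision: is a given 'next' value a same-site target or not? The following added example (not DevPush's own code; the host name devpush.example, the attacker.example domain, the log lines and the function names are all constructed for illustration) implements that decision once and reuses it twice: as a server-side validator that only admits rooted relative paths or HTTPS URLs on an allowlisted host, and as a log scanner that flags historical requests whose 'next' would have failed the same check. It deliberately covers the usual open-redirect bypasses (protocol-relative `//host`, backslash variants, `user@host` credentials, non-HTTP schemes) that a naive "starts with /" check misses.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed: the application's own host(s). Anything else is external.
ALLOWED_HOSTS = {"devpush.example"}


def is_safe_next(value, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `value` is a same-site redirect target.

    Accepts a rooted relative path ("/dashboard") or an https URL whose
    host is in `allowed_hosts`. Rejects protocol-relative URLs
    ("//evil"), backslash variants ("/\\evil", which browsers treat like
    "//evil"), credential tricks ("https://good@evil/") and non-http
    schemes ("javascript:...").
    """
    if not value:
        return False
    # Normalise backslashes first so "/\\evil.example" is seen as "//evil.example".
    candidate = value.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only our own hosts over https.
        # .hostname strips userinfo and port, so "good@evil" resolves to "evil".
        return parts.scheme == "https" and (parts.hostname or "") in allowed_hosts
    # Relative target: must be a single-slash rooted path.
    return candidate.startswith("/") and not candidate.startswith("//")


# Matches the request path of a combined-format access log line for the
# affected endpoint (constructed pattern; adjust to your log format).
LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>/api/google/authorize\?[^ "]*)')


def find_redirect_attempts(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Scan access-log lines and return (line_no, next_value) for every
    request whose 'next' parameter is not a safe redirect target.

    parse_qs percent-decodes values, so encoded payloads such as
    next=https%3A%2F%2Fattacker.example are classified the same way the
    validator would classify the decoded value.
    """
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = LOG_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("path")).query
        for nxt in parse_qs(query, keep_blank_values=True).get("next", []):
            if not is_safe_next(nxt, allowed_hosts):
                hits.append((line_no, nxt))
    return hits


# Constructed sample log lines (combined log format) for a local dry run.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Apr/2026:10:00:00 +0000] "GET /api/google/authorize?next=/dashboard HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Apr/2026:10:00:01 +0000] "GET /api/google/authorize?next=https%3A%2F%2Fattacker.example%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Apr/2026:10:00:02 +0000] "GET /api/google/authorize?next=%2F%2Fattacker.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [27/Apr/2026:10:00:03 +0000] "GET /api/projects HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Apr/2026:10:00:04 +0000] "GET /api/google/authorize?next=https://devpush.example/app HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, nxt in find_redirect_attempts(SAMPLE_LOG):
        print(f"line {line_no}: suspicious next={nxt!r}")
```

Design note: the validator is an allowlist, not a blocklist. It never tries to enumerate bad hosts; it only answers whether the target is provably internal, which is the property CWE-601 mitigation actually needs. When wiring it into the endpoint, fall back to a fixed default path (for example the dashboard) whenever `is_safe_next` returns False rather than echoing the rejected value back in an error, and keep the same function on the detection side so alerts and enforcement can never disagree about what counts as external.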
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The open redirect vulnerability in DevPush v0.3.2 allows attackers to redirect users to malicious sites, which can facilitate phishing or social engineering attacks by exploiting user trust in the DevPush domain.
Such phishing or social engineering attacks could potentially lead to unauthorized disclosure of personal or sensitive information, which may impact compliance with standards and regulations like GDPR or HIPAA that require protection of user data and prevention of unauthorized access.
However, the provided information does not explicitly state the direct compliance impact or any regulatory violations caused by this vulnerability.