CVE-2026-35404
Status: Received - Intake
Open edX Open Redirect Enables Phishing and Credential Theft

Publication date: 2026-04-06

Last updated on: 2026-04-16

Assigner: GitHub, Inc.

Description
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970.
Meta Information
Published: 2026-04-06
Last Modified: 2026-04-16
Generated: 2026-05-06
AI Q&A: 2026-04-07
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products (1 associated CPE)
Vendor: openedx
Product: openedx
Version / Range: up to 2026-04-02 (inclusive)
CWE: CWE-601 (URL Redirection to Untrusted Site, "Open Redirect"): the web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Open edX Platform's view_survey endpoint, which accepts a redirect_url GET parameter without validating the URL. When a non-existent survey name is provided, the server immediately redirects users to an attacker-controlled URL using an HTTP 302 redirect. Additionally, this unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript uses it to change the location.href. This behavior enables attackers to conduct phishing and credential theft attacks against authenticated Open edX users.
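The Description and the answer above both come down to one missing check: the value of redirect_url must be confirmed to point at the site itself before it is handed to HttpResponseRedirect(), and the same check must run before the value is echoed into the hidden form field and the JSON response, because location.href = url on the client will follow (or, for a javascript: URL, execute) whatever the server sends back. The advisory does not say how the fix commit performs that validation. The following is an added example, not code from Open edX or from commit 76462f1e5fa9b37d2621ad7ad19514b403908970; it reimplements, in plain Python with no Django dependency, the logic of Django's own django.utils.http.url_has_allowed_host_and_scheme, which is the standard tool for this in a Django code base. The host names, the fallback path and the sample redirect_url values are all assumptions constructed for the example.

```python
"""Server-side validation of a user-supplied redirect target (added example).

Not Open edX code. Reimplements the idea behind Django's
django.utils.http.url_has_allowed_host_and_scheme so it runs without Django.
"""
import unicodedata
from urllib.parse import urlsplit

# Hypothetical deployment values, not taken from the advisory.
ALLOWED_HOSTS = {"lms.example.edu", "studio.example.edu"}
SAFE_FALLBACK = "/dashboard"


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    """One pass of the check; is_safe_redirect() runs it on two forms of the URL."""
    # urlsplit() treats "///evil.example.net" as a bare path, but browsers
    # treat it as scheme-relative with host evil.example.net.
    if url.startswith("///"):
        return False
    # Browsers strip leading control characters, so "\tjavascript:..." would
    # slip past a naive startswith("/") or "://" check.
    if unicodedata.category(url[0])[0] == "C":
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal in the authority
        return False
    # A scheme with no host ("javascript:alert(1)", "data:...", "http:///x")
    # is never an on-site target. location.href = "javascript:..." runs script.
    if parts.scheme and not parts.netloc:
        return False
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = {"https"} if require_https else {"http", "https"}
    if scheme and scheme not in valid_schemes:
        return False
    # A relative path (no authority) stays on this site. Otherwise the whole
    # authority string must match exactly, which rejects userinfo tricks like
    # "lms.example.edu@evil.example.net" and suffix tricks like
    # "lms.example.edu.evil.example.net".
    return not parts.netloc or parts.netloc in allowed_hosts


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS, require_https=False):
    """True only for a relative path or an absolute http(s) URL on an allowed host."""
    if not url or not isinstance(url, str):
        return False
    # Browsers treat "\" like "/" in the authority prefix, so "/\evil.example.net"
    # is really "//evil.example.net". Check the raw and the normalised form.
    normalised = url.replace("\\", "/")
    return (_host_and_scheme_ok(url, allowed_hosts, require_https)
            and _host_and_scheme_ok(normalised, allowed_hosts, require_https))


def resolve_redirect(redirect_url, fallback=SAFE_FALLBACK, **kwargs):
    """What a fixed view should do with request.GET['redirect_url'] before calling
    HttpResponseRedirect() and before echoing it into the form/JSON response."""
    return redirect_url if is_safe_redirect(redirect_url, **kwargs) else fallback


if __name__ == "__main__":
    # Constructed sample values: legitimate on-site targets plus attacker payloads.
    samples = [
        "/courses/course-v1:edX+DemoX/about",
        "https://lms.example.edu/dashboard",
        "https://evil.example.net/login",
        "//evil.example.net/login",
        "/\\evil.example.net/login",
        "///evil.example.net",
        "https://lms.example.edu@evil.example.net/",
        "https://lms.example.edu.evil.example.net/",
        "javascript:alert(document.cookie)",
        "\tjavascript:alert(1)",
        "http:///evil.example.net",
    ]
    for sample in samples:
        print(f"{sample!r:50} -> {resolve_redirect(sample)!r}")
```

The two-pass check (raw URL, then backslashes normalised to slashes) and the leading-control-character test are the parts a hand-rolled "does it start with a slash" check usually misses; they are why reusing the framework's helper is preferable to writing a new one in a view. Note that on a real deployment allowed_hosts should be the request's own host or the configured ALLOWED_HOSTS rather than a literal set.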


How can this vulnerability impact me?

This vulnerability can lead to phishing and credential theft attacks targeting authenticated users of the Open edX Platform. Attackers can redirect users to malicious websites controlled by them, potentially tricking users into revealing sensitive information such as login credentials.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970. Applying this fix or updating to a version of Open edX that includes this commit is the immediate step to mitigate the vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability enables phishing and credential theft attacks against authenticated Open edX users by allowing unvalidated redirects to attacker-controlled URLs. This can lead to unauthorized access to user credentials and potentially personal data.

Such unauthorized access and potential data exposure could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding user data and preventing unauthorized access.

