CVE-2026-6795
Open Redirect Vulnerability in DivvyDrive
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| divvydrive_information_technologies_inc | divvydrive | From 4.8.2.9 (inc) to 4.8.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an 'open redirect' issue in DivvyDrive software versions from 4.8.2.9 before 4.8.3.2. It occurs because DivvyDrive allows parameter injection, which means an attacker can manipulate URL parameters to redirect users to untrusted external sites.
How can this vulnerability impact me? :
The vulnerability can lead to users being redirected to malicious websites without their consent. This can result in phishing attacks, credential theft, malware distribution, and other security risks. Because the vulnerability has a high CVSS score (9.6), it indicates a critical impact including high confidentiality, integrity, and availability risks.