CVE-2026-12379
Received Received - Intake

Open Redirect in Axivion Dashboard

Vulnerability report for CVE-2026-12379, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: TQtC

Description

An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
axivion dashboard From 7.8.5 (inc) to 7.8.12 (inc)
axivion dashboard From 7.9.0 (inc) to 7.9.12 (inc)
axivion dashboard From 7.10.0 (inc) to 7.10.10 (inc)
axivion dashboard From 7.11.0 (inc) to 7.11.6 (inc)
axivion dashboard From 7.12.0 (inc) to 7.12.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Open Redirect issue in the OAuth/OIDC authentication of the Axivion Dashboard. The login flow fails to restrict post-authentication redirects to the application's own domain. Attackers can craft malicious login links that redirect users to untrusted external sites after authentication, potentially enabling phishing attacks or credential theft.

Detection Guidance

Check for unusual redirect URLs in OAuth/OIDC login flows by inspecting network traffic during authentication. Look for post-authentication redirects to external domains. Review server logs for repeated failed login attempts or unexpected redirect patterns.

Impact Analysis

If you follow a crafted login link, you could be redirected to a fake but convincing look-alike page after authenticating. This could trick you into entering credentials or second-factor details, which attackers can then steal. It requires you to follow the malicious link and complete the authentication process.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by enabling phishing attacks that steal credentials or second-factor authentication. If exploited, attackers may gain unauthorized access to sensitive data, violating GDPR's data protection principles or HIPAA's security requirements for protected health information.

Mitigation Strategies

Update Axivion Dashboard to the latest patched version. Configure strict allowlists for post-authentication redirects to only trusted origins. Disable OAuth/OIDC if not required. Monitor for suspicious login activity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12379. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart