CVE-2026-22032 — Open Redirect in Directus

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 77.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Directus Monospace Directus Directus API

Timeline

Latest updateJan 6

PublishedJan 8

Description

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter is intended to preserve the user's original destination. However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a mal…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶npmdirectus/api< 32.1.1

▶CVEListV5directus/directus< 11.14.0

▶npmdirectus/directus< 11.14.0

▶NVDmonospace/directus< 11.14.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

Directus has open redirect in SAML↗2026-01-06

▶

GHSA

Directus has open redirect in SAML↗2026-01-06

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22032 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶