CVE-2026-35411 — Open Redirect in Directus

CWE-601 — Open Redirect696 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 85.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Directus

Timeline

Latest updateApr 4

PublishedApr 6

Description

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing the setup process, the application redirects the user to the attacker-controlled URL specified in the redirect …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5directus/directus< 11.16.1

▶npmdirectus/directus< 11.16.1

🔴Vulnerability Details

GHSA

Directus: Open Redirect in Admin 2FA Setup Page↗2026-04-04

▶

OSV

Directus: Open Redirect in Admin 2FA Setup Page↗2026-04-04

▶

🕵️Threat Intelligence

693

Wiz

GHSA-w3hv-x4fp-6h6j Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-34373 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-34076 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2739 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-1527 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶