CVE-2026-40255P4MEDIUMCVSS 6.1fixed in 7.4.02026-04-16
CVE-2026-40255 [MEDIUM] CWE-601 CVE-2026-40255: AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP request and redirects to that URL without validating
nvd