CNNVD-202601-1460 Information

CNNVD ID

CNNVD-202601-1460

Related CVE

CVE-2026-22032

• CNNVD Published: 2026-01-08

Description (Chinese)

Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 11.14.0之前版本存在输入验证错误漏洞，该漏洞源于SAML认证回调端点存在开放重定向，可能导致用户被重定向至任意外部URL。

Description (English)

Directus is a real-time Api and application dashboard from Directus open source. To manage Sql database content. Directus 11.14.0 has an input validation error loophole that stems from the open re-direction of the SAML authentication callback point, which may lead to the re-direction of the user to any external URL.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

Directus

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc https://github.com/directus/directus/commit/dad9576ea9362905cc4de8028d3877caff36dc23 https://access.redhat.com/security/cve/cve-2026-22032

Patch

https://directus.io/