Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Busy Server Application Allows Remote Redirect Attack
CVE-2026-2709
Summary
A security flaw in Busy up to version 2.5.5 can be exploited remotely, allowing an attacker to redirect users to a malicious website. This poses a risk to users who click on links or visit sites that are vulnerable to this issue. The vendor has not yet responded to a report about this problem.
Original title
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulat...
Original description
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
4.0
nvd CVSS3.1
3.5
nvd CVSS4.0
5.1
Vulnerability type
CWE-601
Open Redirect
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026