Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.9
Mirror Registry lets attackers access internal systems with fake URLs
CVE-2026-2376
Summary
An attacker with an account can use fake web addresses to access internal systems they shouldn't have access to. This happens because the system doesn't check where the address actually leads. To fix this, update the Mirror Registry software to prevent it from following redirects without checking the final destination.
Original title
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.
When the applic...
Original description
A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses.
When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
When the application processes these addresses, it automatically follows redirects without verifying the final destination, allowing attackers to route requests to systems they should not have access to.
nvd CVSS3.1
4.9
Vulnerability type
CWE-601
Open Redirect
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026