Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a client login link with an external URL in the intended parameter, which is stored in the session without host validation and emitted verbatim via a bare redirect in the ContactLoginController authenticated() handler after the victim completes a legitimate login, enabling phishing attacks.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 30 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a client login link with an external URL in the intended parameter, which is stored in the session without host validation and emitted verbatim via a bare redirect in the ContactLoginController authenticated() handler after the victim completes a legitimate login, enabling phishing attacks. | |
| Title | Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter | |
| First Time appeared | Invoiceninja<br>Invoiceninja invoice Ninja | |
| Weaknesses | CWE-601 | |
| CPEs | cpe:2.3:a:invoiceninja:invoice_ninja:*:*:*:*:*:*:*:* | |
| Vendors & Products | Invoiceninja<br>Invoiceninja invoice Ninja | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T21:07:25.092Z
Reserved: 2026-06-30T19:09:07.026Z
Link: CVE-2026-58450
OpenCVE Enrichment
Updated: 2026-06-30T22:30:06Z