CVE-2026-0712: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in SICK AG Incoming Goods Suite
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01.
AI Analysis
Technical Summary
CVE-2026-0712 is an open redirect vulnerability categorized under CWE-601, discovered in the Incoming Goods Suite product by SICK AG, which integrates Grafana OSS components starting from version 11.5.0. The vulnerability allows an attacker to craft URLs that redirect users to malicious external sites without proper validation. This open redirect can be exploited in combination with path traversal vulnerabilities to perform cross-site scripting (XSS) attacks, potentially leading to session hijacking, credential theft, or delivery of malicious payloads. The vulnerability has a CVSS 3.1 base score of 7.6, reflecting its high severity due to network exploitability (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact includes high confidentiality loss, low integrity loss, and low availability loss. The vulnerability was introduced in Grafana OSS version 11.5.0 and fixed in subsequent security releases (12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, and 11.3.8+security-01). No known exploits have been reported in the wild yet, but the chaining potential with path traversal vulnerabilities increases the attack surface. The vulnerability affects organizations using the Incoming Goods Suite in industrial and supply chain contexts, where Grafana OSS is used for monitoring and visualization. Attackers could leverage this flaw to redirect users to phishing sites or inject malicious scripts, compromising user sessions and data confidentiality.
Potential Impact
For European organizations, the impact of CVE-2026-0712 is significant, particularly for those in manufacturing, logistics, and industrial automation sectors that rely on SICK AG's Incoming Goods Suite and Grafana OSS for operational monitoring and management. Exploitation could lead to unauthorized disclosure of sensitive operational data, user credential theft, and potential disruption of supply chain visibility. The confidentiality impact is high as attackers can redirect users to malicious sites or execute XSS attacks to steal session tokens or credentials. Integrity impact is lower but still present due to possible injection of malicious scripts. Availability impact is limited but could occur if attackers use the vulnerability to disrupt user access or inject denial-of-service payloads. The requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability. Given the critical role of industrial monitoring in European manufacturing hubs, successful exploitation could have cascading effects on production efficiency and safety compliance.
Mitigation Recommendations
European organizations should immediately verify their use of SICK AG's Incoming Goods Suite and the specific Grafana OSS versions in their environments. Applying the security patches released in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01, or 11.3.8+security-01 is essential to remediate the vulnerability. In addition to patching, organizations should implement strict input validation and sanitization on all URL parameters that control redirects to prevent open redirect exploitation. Web application firewalls (WAFs) can be configured to detect and block suspicious redirect patterns and path traversal attempts. Security teams should conduct phishing awareness training to reduce the risk of user interaction exploitation. Regular security audits and penetration testing focusing on chained vulnerabilities like open redirect combined with path traversal should be performed. Network segmentation and least privilege principles should be enforced to limit the impact of any successful exploit. Monitoring and logging of redirect activities and anomalous user behavior can help detect exploitation attempts early.
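The recommendation above to validate every URL parameter that controls a redirect is best expressed as an allowlist: accept only a path rooted on the application's own origin and refuse everything else, rather than trying to blocklist known-bad hosts. The Go code below is an added illustration written for this page; it is not Grafana's or SICK AG's code and does not reproduce the CVE-2026-0712 flaw. It assumes a hypothetical redirect parameter named `redirectTo` and a constructed access-log format (`<timestamp> <method> <request-uri> <status>`); both are assumptions, not values taken from the affected product. Go was chosen because Grafana OSS is written in Go. The validator also rejects percent-encoded and double-encoded traversal segments, which matters because the advisory notes the open redirect can be chained with path traversal, and a second function applies the same validator to log lines so the "monitor redirect activity" advice can be put into practice retrospectively.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// ValidateRedirect checks a user-supplied redirect parameter and returns the
// sanitised same-origin target to use, or ("", false) when the value must be
// rejected and a fixed default (for example "/") used instead. It is an
// allowlist: only a single-slash-rooted relative path plus optional query is
// accepted; the fragment, if any, is dropped.
func ValidateRedirect(raw string) (string, bool) {
	// Control characters and backslashes are never valid here; browsers
	// normalise '\' to '/', so "/\evil.example" would become "//evil.example".
	if pathIsUnsafe(raw) {
		return "", false
	}
	// Must be rooted with exactly one slash: anything without a leading "/"
	// (absolute URLs, "javascript:" and friends) and "//host" (protocol-
	// relative) leave the origin.
	if !strings.HasPrefix(raw, "/") {
		return "", false
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", false
	}
	// Re-check the path across up to three decoding layers so that "%2e%2e",
	// "%252e%252e" and "%2F%2Fhost" are caught even if a downstream component
	// decodes the path once more before acting on it.
	p := u.EscapedPath()
	for i := 0; i < 3; i++ {
		if pathIsUnsafe(p) {
			return "", false
		}
		next, err := url.PathUnescape(p)
		if err != nil || next == p {
			break
		}
		p = next
	}
	target := u.EscapedPath()
	if u.RawQuery != "" {
		target += "?" + u.RawQuery
	}
	return target, true
}

// pathIsUnsafe reports whether a (possibly decoded) path contains control
// characters, backslashes, a protocol-relative "//" prefix, or dot segments.
func pathIsUnsafe(p string) bool {
	for _, r := range p {
		if r < 0x20 || r == 0x7f || r == '\\' {
			return true
		}
	}
	if strings.HasPrefix(p, "//") {
		return true
	}
	for _, seg := range strings.Split(p, "/") {
		if seg == ".." || seg == "." {
			return true
		}
	}
	return false
}

// SampleLog is constructed access-log data (not from any real system) in the
// assumed form "<timestamp> <method> <request-uri> <status>".
var SampleLog = []string{
	"2026-01-15T13:18:28Z GET /login?redirectTo=%2Fdashboards%2Fd%2Fabc%3ForgId%3D1 302",
	"2026-01-15T13:18:31Z GET /login?redirectTo=%2F%2Fevil.example%2F 302",
	"2026-01-15T13:18:35Z GET /login?redirectTo=%2F%252e%252e%2Fadmin 302",
	"2026-01-15T13:18:40Z GET /api/health 200",
}

// FlagSuspiciousRedirects returns the log lines whose <param> query value
// fails ValidateRedirect, for retrospective hunting of redirect abuse.
func FlagSuspiciousRedirects(lines []string, param string) []string {
	var flagged []string
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) < 3 {
			continue
		}
		req, err := url.Parse(fields[2])
		if err != nil {
			continue
		}
		for _, v := range req.Query()[param] {
			if _, ok := ValidateRedirect(v); !ok {
				flagged = append(flagged, line)
				break
			}
		}
	}
	return flagged
}

func main() {
	for _, in := range []string{"/dashboards/d/abc?orgId=1", "//evil.example", "/%252e%252e/admin"} {
		out, ok := ValidateRedirect(in)
		fmt.Printf("%-32q -> ok=%v target=%q\n", in, ok, out)
	}
	for _, line := range FlagSuspiciousRedirects(SampleLog, "redirectTo") {
		fmt.Println("flagged:", line)
	}
}
```

When the validator rejects a value, redirect to a fixed default and log the rejected input; a WAF rule can mirror the same three conditions (no leading slash, protocol-relative prefix, dot segments after decoding) but the application-side check is the one that must hold.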
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Poland, Czech Republic
Technical Details
- Data Version: 5.2
- Assigner Short Name: SICK AG
- Date Reserved: 2026-01-08T09:59:08.086Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6968e9244c611209ad0e7126
Added to database: 1/15/2026, 1:18:28 PM
Last enriched: 1/15/2026, 1:33:42 PM
Last updated: 1/15/2026, 7:52:16 PM