CVE-2026-3049 identifies an open redirect vulnerability in the horilla-opensource horilla product, affecting versions 1.0.0 through 1.0.2. The vulnerability is located in the get function within the file horilla_generics/global_search.py, specifically in the Query Parameter Handler component. The issue stems from insufficient validation or sanitization of the 'prev_url' query parameter, which an attacker can manipulate to redirect users to arbitrary external websites. This type of vulnerability can be exploited remotely without requiring authentication, but it necessitates user interaction, such as clicking a crafted link. The open redirect can facilitate phishing attacks by making malicious URLs appear legitimate, potentially leading to credential theft or malware distribution. The vulnerability has been assigned a CVSS 4.0 score of 5.3, reflecting a medium severity level due to its ease of exploitation and impact on user trust and security. The vendor has addressed this issue in version 1.0.3 by implementing proper validation or sanitization of the 'prev_url' parameter. The patch is identified by commit 730b5a44ff060916780c44a4bdbc8ced70a2cd27. Although no known exploits in the wild have been reported, the public availability of exploit code increases the risk of attacks. Organizations using horilla should upgrade promptly to prevent exploitation.

The primary impact of this vulnerability is the potential for attackers to redirect users to malicious websites, which can lead to phishing, social engineering, or malware distribution campaigns. While the vulnerability does not directly compromise system confidentiality, integrity, or availability, it undermines user trust and can serve as a stepping stone for more severe attacks. Organizations relying on horilla for web services may face reputational damage if users are redirected to harmful sites. Additionally, attackers could exploit this vulnerability to bypass security filters or to craft convincing phishing URLs that appear to originate from trusted horilla-hosted domains. The medium CVSS score reflects the moderate risk posed by this vulnerability, especially in environments with high user interaction or sensitive data. The scope of affected systems includes all deployments running horilla versions 1.0.0 to 1.0.2, potentially impacting organizations globally that utilize this software.

To mitigate CVE-2026-3049, organizations should immediately upgrade horilla to version 1.0.3 or later, where the vulnerability has been patched. In addition to upgrading, administrators should audit web application logs for suspicious redirect attempts and monitor user reports of unexpected redirects. Implementing web application firewall (WAF) rules to detect and block requests with suspicious 'prev_url' parameters can provide temporary protection. Security teams should educate users about the risks of clicking on unexpected links, especially those that appear to redirect through trusted domains. Developers maintaining forks or custom versions of horilla should review and apply the patch identified by commit 730b5a44ff060916780c44a4bdbc8ced70a2cd27 to ensure proper validation of redirect parameters. Finally, organizations should conduct regular security assessments to identify similar open redirect vulnerabilities in other components or third-party software.