CVE-2026-35404: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in openedx openedx-platform
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970.
AI Analysis
Technical Summary
The Open edX Platform's view_survey endpoint improperly handles the redirect_url GET parameter by passing it directly to HttpResponseRedirect() without validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the supplied URL, which can be attacker-controlled. Additionally, the unvalidated URL is included in a hidden form field and returned in a JSON response, where client-side JavaScript sets location.href to this URL. This open redirect vulnerability (CWE-601) enables phishing and credential theft attacks against authenticated users. The issue is fixed in commit 76462f1e5fa9b37d2621ad7ad19514b403908970.
Potential Impact
An attacker can exploit this vulnerability to redirect users to malicious websites, potentially leading to phishing attacks and credential theft. The vulnerability does not directly impact confidentiality, integrity, or availability of the Open edX Platform itself but poses a risk to user security through social engineering. The CVSS score is 4.7 (medium severity), reflecting the network attack vector, low complexity, no privileges required, user interaction required, and limited confidentiality impact.
Mitigation Recommendations
This vulnerability is fixed in commit 76462f1e5fa9b37d2621ad7ad19514b403908970. Users and administrators should update the Open edX Platform to this commit or a later version that includes the fix. No additional mitigation steps are indicated by the vendor advisory. Patch status is confirmed by the presence of the fixing commit.
CVE-2026-35404: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in openedx openedx-platform
Description
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Open edX Platform's view_survey endpoint improperly handles the redirect_url GET parameter by passing it directly to HttpResponseRedirect() without validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the supplied URL, which can be attacker-controlled. Additionally, the unvalidated URL is included in a hidden form field and returned in a JSON response, where client-side JavaScript sets location.href to this URL. This open redirect vulnerability (CWE-601) enables phishing and credential theft attacks against authenticated users. The issue is fixed in commit 76462f1e5fa9b37d2621ad7ad19514b403908970.
Potential Impact
An attacker can exploit this vulnerability to redirect users to malicious websites, potentially leading to phishing attacks and credential theft. The vulnerability does not directly impact confidentiality, integrity, or availability of the Open edX Platform itself but poses a risk to user security through social engineering. The CVSS score is 4.7 (medium severity), reflecting the network attack vector, low complexity, no privileges required, user interaction required, and limited confidentiality impact.
Mitigation Recommendations
This vulnerability is fixed in commit 76462f1e5fa9b37d2621ad7ad19514b403908970. Users and administrators should update the Open edX Platform to this commit or a later version that includes the fix. No additional mitigation steps are indicated by the vendor advisory. Patch status is confirmed by the presence of the fixing commit.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-02T17:03:42.074Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d425f60a160ebd92deddc2
Added to database: 4/6/2026, 9:30:30 PM
Last enriched: 5/12/2026, 5:27:50 AM
Last updated: 5/22/2026, 3:08:54 PM
Views: 68
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.