CVE-2026-42207: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in OpenMage magento-lts
An open redirect vulnerability (CWE-601) exists in OpenMage magento-lts versions prior to 20. 18. 0. The vulnerability occurs in the Mage_ProductAlert_AddController::stockAction() method, which reads the 'uenc' query parameter and redirects to it without validating if the URL is internal. This allows an attacker to craft a URL that redirects users to an untrusted external site when the product_id parameter does not match any catalog product. The issue is fixed in version 20. 18. 0.
AI Analysis
Technical Summary
OpenMage magento-lts before version 20.18.0 contains an open redirect vulnerability in the Mage_ProductAlert_AddController::stockAction() method. The method reads the 'uenc' query parameter and passes it directly to the internal redirect function without verifying if the URL is internal. If the product_id parameter does not correspond to any product in the catalog, the server issues an HTTP 302 redirect to the URL specified in 'uenc', enabling an attacker to redirect users to arbitrary external sites. This vulnerability is addressed in version 20.18.0.
Potential Impact
Successful exploitation allows an attacker to redirect users to arbitrary external URLs, potentially facilitating phishing attacks or other social engineering tactics. The CVSS 3.1 base score is 6.1 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, user interaction required, and partial impact on confidentiality and integrity. There is no indication of availability impact or known exploits in the wild.
Mitigation Recommendations
Upgrade OpenMage magento-lts to version 20.18.0 or later, where this vulnerability is fixed. Since no official patch link or vendor advisory is provided, verify the upgrade from the official OpenMage project sources. Until upgraded, avoid using affected versions in environments where untrusted input could be passed to the vulnerable endpoint.
CVE-2026-42207: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in OpenMage magento-lts
Description
An open redirect vulnerability (CWE-601) exists in OpenMage magento-lts versions prior to 20. 18. 0. The vulnerability occurs in the Mage_ProductAlert_AddController::stockAction() method, which reads the 'uenc' query parameter and redirects to it without validating if the URL is internal. This allows an attacker to craft a URL that redirects users to an untrusted external site when the product_id parameter does not match any catalog product. The issue is fixed in version 20. 18. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenMage magento-lts before version 20.18.0 contains an open redirect vulnerability in the Mage_ProductAlert_AddController::stockAction() method. The method reads the 'uenc' query parameter and passes it directly to the internal redirect function without verifying if the URL is internal. If the product_id parameter does not correspond to any product in the catalog, the server issues an HTTP 302 redirect to the URL specified in 'uenc', enabling an attacker to redirect users to arbitrary external sites. This vulnerability is addressed in version 20.18.0.
Potential Impact
Successful exploitation allows an attacker to redirect users to arbitrary external URLs, potentially facilitating phishing attacks or other social engineering tactics. The CVSS 3.1 base score is 6.1 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, user interaction required, and partial impact on confidentiality and integrity. There is no indication of availability impact or known exploits in the wild.
Mitigation Recommendations
Upgrade OpenMage magento-lts to version 20.18.0 or later, where this vulnerability is fixed. Since no official patch link or vendor advisory is provided, verify the upgrade from the official OpenMage project sources. Until upgraded, avoid using affected versions in environments where untrusted input could be passed to the vulnerable endpoint.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-25T05:04:37.027Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a075665ec166c07b072346c
Added to database: 5/15/2026, 5:22:45 PM
Last enriched: 5/15/2026, 5:37:43 PM
Last updated: 5/15/2026, 6:23:27 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.