NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-44372

Summary	Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.
Publication Date	May 14, 2026, 6:16 a.m.
Registration Date	May 15, 2026, 4:23 a.m.
Last Update	May 15, 2026, 1:57 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/nitrojs/nitro/pull/4236	security-advisories@github.com
2	https://github.com/nitrojs/nitro/releases/tag/v2.13.4	security-advisories@github.com
3	https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta	security-advisories@github.com
4	https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-601	オープンリダイレクト	https://cwe.mitre.org/data/definitions/601.html