CVE-2026-34847 PUBLISHED

hoppscotch: Open redirect via `/enter?redirect=`

Assigner: GitHub_M
Reserved: 30.03.2026 Published: 02.04.2026 Updated: 03.04.2026

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in version 2026.3.0.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVSS Score: 4.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	hoppscotch
Product	hoppscotch
Versions	Version < 2026.3.0 is affected

References

https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-27pm-c9ch-746q
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0

Problem Types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE