Directus · Directus · CVE-2026-35411
Name of the Vulnerable Software and Affected Versions
Directus versions prior to 11.16.1
Description
Directus is susceptible to an open redirect issue through the `redirect` parameter on the `/admin/tfa-setup` page. An administrator who has not configured Two-Factor Authentication (2FA) may be redirected to an attacker-controlled URL after completing the 2FA setup process, as the application lacks validation of the redirect destination. This could be leveraged in phishing attacks targeting Directus administrators.
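The root cause described above is a redirect target taken from the request and used without checking where it points. The following is an added illustration written for this advisory, not code from Directus: a hypothetical post-2FA-setup handler in its unvalidated form next to a hardened version that only follows targets on the application's own origin, plus a small check over constructed access-log lines (not real data) that flags requests whose `redirect` value would have been rejected. The application origin, the helper names and the sample lines are all assumptions made for the example.

```javascript
// Added example (not Directus code). Assumes the application's own origin is
// known from configuration; all function names and sample data are hypothetical.

// Unvalidated pattern: whatever arrives in ?redirect= is used as the Location.
// This is the behaviour class the advisory describes.
function unvalidatedRedirect(redirect) {
  return redirect || '/admin';
}

// Hardened pattern: resolve the candidate against the app origin and accept it
// only if it still lives on that origin over http(s). Resolving first means that
// scheme-relative ("//evil.example"), backslash ("/\evil.example"), userinfo
// ("https://app@evil.example") and non-http ("javascript:") variants all end up
// with a different origin and are rejected the same way.
function resolveSafeRedirect(redirect, appOrigin, fallback = '/admin') {
  if (typeof redirect !== 'string' || redirect.length === 0) return fallback;
  let target;
  try {
    target = new URL(redirect, appOrigin);
  } catch {
    return fallback; // unparsable input: never echo it back
  }
  const base = new URL(appOrigin);
  if (target.origin !== base.origin) return fallback;
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return fallback;
  // Emit a path-only form so the response never carries an absolute URL.
  return target.pathname + target.search + target.hash;
}

// Constructed sample access-log lines (not real traffic) for the detection check.
const SAMPLE_LOG = [
  'GET /admin/tfa-setup?redirect=%2Fadmin%2Fusers',
  'GET /admin/tfa-setup?redirect=https%3A%2F%2Fevil.example%2Flogin',
  'GET /admin/tfa-setup?redirect=%2F%2Fevil.example',
  'GET /admin/users',
];

// Returns the redirect values on /admin/tfa-setup requests that point off-origin,
// i.e. the requests a defender would want to review in logs from an unpatched host.
function flagOffOriginRedirects(lines, appOrigin) {
  const flagged = [];
  for (const line of lines) {
    const m = line.match(/^GET (\/admin\/tfa-setup\?[^ ]*)/);
    if (!m) continue;
    const redirect = new URL(m[1], appOrigin).searchParams.get('redirect');
    if (redirect !== null && resolveSafeRedirect(redirect, appOrigin, null) === null) {
      flagged.push(redirect);
    }
  }
  return flagged;
}

// Stand-alone demonstration.
const ORIGIN = 'https://cms.example.com';
console.log(resolveSafeRedirect('/admin/users', ORIGIN));      // /admin/users
console.log(resolveSafeRedirect('//evil.example', ORIGIN));    // /admin (fallback)
console.log(flagOffOriginRedirects(SAMPLE_LOG, ORIGIN));        // the two off-origin values
```

The comparison is done on `origin` rather than on a string prefix because prefix checks are what typically let `https://cms.example.com.evil.example` or `//evil.example` through; resolving with the WHATWG `URL` parser and comparing the resulting origin avoids that whole class of mistakes.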
Recommendations
Update to version 11.16.1 or later.