PT-2026-20646 · Busy · Busy
Zast.Ai
·
Published
2026-02-19
·
Updated
2026-02-19
·
CVE-2026-2709
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
busy versions 2.5.5 and earlier
Description
A flaw exists in busy that could allow for open redirect attacks. The issue is located within an unknown function in the file
source-code/busy-master/src/server/app.js of the Callback Handler component. Manipulation of the state argument can trigger the flaw. The attack can be launched remotely. The project has been informed of the issue but has not yet responded.Recommendations
Update to a version newer than 2.5.5.
Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Busy