PT-2026-2139 · Directus · Directus

Author: Im-Soohyun (+1)
Published: 2026-01-06 · Updated: 2026-01-20
CVE ID: CVE-2026-22032
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.14.0

Description: Directus is a real-time API and App dashboard for managing SQL database content. An open redirect exists in the Directus SAML authentication callback endpoint. The RelayState parameter, intended to preserve the user's original destination, is not validated as a redirect target during the callback, so an attacker can send users to an arbitrary external URL once authentication completes. This can be exploited without authentication and is present in both the success and the error handling paths of the callback.

Recommendations: Versions prior to 11.14.0 should be updated to version 11.14.0 or later.
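The defensive check the description calls for, as an added example that is not Directus's own code: a RelayState value is accepted only as a same-site relative path or as an absolute URL whose origin is on an explicit allow-list, and anything else falls back to a default page. The function name, the allow-list contents and the fallback are assumptions.

```javascript
// Added example (not Directus's own code): validate a SAML RelayState value
// before using it as a post-login redirect. Names and the allow-list are assumptions.
// Relies on the WHATWG URL global available in Node.js.

// Origins the app may send the browser back to after SSO (constructed sample).
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
// Dummy base used to resolve relative RelayState values; never reachable.
const BASE = 'https://placeholder.invalid';

// Returns a safe redirect target derived from relayState, or fallback.
function resolveRelayState(relayState, fallback = '/') {
  if (typeof relayState !== 'string' || relayState.trim() === '') return fallback;
  let target;
  try {
    target = new URL(relayState, BASE);
  } catch {
    return fallback; // unparsable input
  }
  // Only web targets: rejects javascript:, data:, mailto:, etc.
  if (target.protocol !== 'https:' && target.protocol !== 'http:') return fallback;

  if (target.origin === BASE) {
    // Resolved against the dummy base, so relayState was a plain relative path.
    // Protocol-relative ("//evil") and backslash variants ("\\evil", "/\\evil")
    // resolve to a different origin and therefore do not reach this branch.
    return target.pathname + target.search + target.hash;
  }
  // Absolute URL: accept only an explicitly allow-listed origin, and return the
  // normalised form rather than the raw, user-controlled string.
  return ALLOWED_ORIGINS.has(target.origin) ? target.href : fallback;
}
```

The same check must run on both the success and the error path of the callback, since the advisory notes the redirect is reachable from either.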

Weakness Enumeration: Open Redirect

Related Identifiers: CVE-2026-22032, GHSA-3573-4C68-G8CC

Affected Products: Directus