PT-2026-25878 · Unknown · Url Redirect Extension

Guido Schmechel

Published

2026-03-17

Updated

2026-03-17

CVE-2026-4202

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. (affected versions not specified)

Description The extension does not properly verify if an authenticated user has the necessary permissions to access redirects. This results in the exposure of redirect records when a page is edited. The issue concerns a failure in permission checks related to redirect access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

CVE-2026-4202

GHSA-755R-R738-MJGP

Affected Products

Url Redirect Extension

PT-2026-25878 · Unknown · Url Redirect Extension

CVE-2026-4202

Weakness Enumeration

Related Identifiers

Affected Products

References · 7