CVE-2026-35408: Directus OAuth Interception Vulnerability (HIGH)
Platform
nodejs
Component
directus
Fixed in
11.17.0
CVE-2026-35408 is a vulnerability in Directus's Single Sign-On (SSO) login pages caused by the absence of a `Cross-Origin-Opener-Policy` (COOP) HTTP response header. Without COOP (or with the default `unsafe-none`), a page on another origin that opens the SSO login page via `window.open()` keeps a handle on that window and can navigate it at any time, even though it cannot read its contents. A malicious cross-origin window can therefore intercept and redirect the OAuth authorization flow while the user is logging in. This issue is fixed in Directus version 11.17.0.
How to fix
Upgrade to Directus 11.17.0 or later, the version this advisory names as fixed. If you cannot upgrade immediately, a reverse proxy in front of Directus can add `Cross-Origin-Opener-Policy: same-origin` to the responses for the SSO login pages as an interim mitigation; this severs the window handle described above. Verify after deploying that the header is actually present on those responses.
Frequently asked questions
What is CVE-2026-35408?
CVE-2026-35408 is a vulnerability in Directus that allows attackers to intercept and redirect the OAuth authorization flow due to a missing COOP header.
Am I affected by CVE-2026-35408?
You are affected if you run a version of Directus prior to 11.17.0 and your instance serves SSO (OAuth) login pages.
How can I fix CVE-2026-35408?
Upgrade your Directus instance to version 11.17.0 or later to resolve this vulnerability.