CVE-2026-44372
EUVD-2026-3016213.05.2026, 21:16
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nitro | nitro | 𝑥 < 2.13.4 |
| nitro | nitro | 2.13.4 < 𝑥 < 3.0.260429 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration