ByteOS Network

Vulnerability Details :

CVE-2026-44372

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-13 May, 2026 | 20:30

Updated At-14 May, 2026 | 15:47

Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:13 May, 2026 | 20:30

Updated At:14 May, 2026 | 15:47

▼CVE Numbering Authority (CNA)

Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

Affected Products

Vendor

nitrojs

Product

nitro

Versions

Affected

< 3.0.260429-beta

Vendor

nitrojs

Product

nitropack

Versions

Affected

< 2.13.4

Problem Types

Type	CWE ID	Description
CWE	CWE-601	CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Type: CWE

CWE ID: CWE-601

Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References

Hyperlink	Resource
https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m	x_refsource_CONFIRM
https://github.com/nitrojs/nitro/pull/4236	x_refsource_MISC
https://github.com/nitrojs/nitro/releases/tag/v2.13.4	x_refsource_MISC
https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta	x_refsource_MISC

Hyperlink: https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/nitrojs/nitro/pull/4236

Resource:

x_refsource_MISC

Hyperlink: https://github.com/nitrojs/nitro/releases/tag/v2.13.4

Resource:

x_refsource_MISC

Hyperlink: https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:13 May, 2026 | 21:16

Updated At:14 May, 2026 | 16:57

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X