Open Redirect

An open redirect occurs when an application redirects to a user‑provided URL without validating it.

#appsec #cwe

Last updated: 2025-09-02T00:00:00.000Z

Evidence

CWE-601 (CWE, normative evidence): cwe.mitre.org

Mappings

CWE-601

More context

Validate and constrain redirect targets to allowlists; avoid reflecting arbitrary URLs.