CVE-2026-11477
hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect
| CVSS Score | 4.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 10th |
A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in open redirect. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as c2882679a9125cea52678151af5ae213cbd52579. Applying a patch is advised to resolve this issue.
| CWE | CWE-601 |
| Vendor | hs-web |
| Product | hsweb-framework |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
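CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | Required (UI:R) |
| Scope | Unchanged (S:U) |
| Confidentiality | None (C:N) |
| Integrity | Low (I:L) |
| Availability | None (A:N) |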
Affected Versions
hs-web / hsweb-framework
5.0.0 5.0.1
References
vuldb.com: https://vuldb.com/vuln/369097
vuldb.com: https://vuldb.com/vuln/369097/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-11477
vuldb.com: https://vuldb.com/submit/833962
github.com: https://github.com/hs-web/hsweb-framework/issues/354
github.com: https://github.com/hs-web/hsweb-framework/pull/355
github.com: https://github.com/hs-web/hsweb-framework/commit/c2882679a9125cea52678151af5ae213cbd52579
github.com: https://github.com/hs-web/hsweb-framework/
Credits
0Xrry (VulDB User)