๐Ÿ” CVE Alert

CVE-2026-59180

LOW 3.1

Apprise forwards configured auth headers across cross-origin HTTP redirects

CVSS Score
3.1
EPSS Score
0.0%
EPSS Percentile
0th

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0.

CWE CWE-200 CWE-601
Vendor caronc
Product apprise
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for caronc apprise

Be the first to know when new low vulnerabilities affecting caronc apprise are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

caronc / apprise
< 1.11.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/caronc/apprise/security/advisories/GHSA-856c-92hv-3vxx github.com: https://github.com/caronc/apprise/pull/1610 github.com: https://github.com/caronc/apprise/commit/68c0aef218055e4586cf4605fd6b56358f5f462d github.com: https://github.com/caronc/apprise/releases/tag/v1.11.0