CVE-2026-34931
CRITICAL WAF: Medium
CVSS 9.6
Published: 2026-04-02
CWE-601
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hoppscotch | hoppscotch | up to 2026.3.0 |
References
- github.com (Release Notes)
- github.com (Exploit, Vendor Advisory)