CVE-2026-42207— Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts
Possible ATT&CK Techniques 2AI
T1190 · Exploit Public-Facing Application T1189 · Drive-by CompromiseAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenMage | magento-lts | < 20.18.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42207
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts
Source: NVD (National Vulnerability Database)
Vulnerability Description
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, Mage_ProductAlert_AddController::stockAction() reads the uenc query parameter and passes it directly to $this->_redirectUrl($backUrl) without calling $this->_isUrlInternal(). When the supplied product_id does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to whatever URL was provided as uenc. This vulnerability is fixed in 20.18.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenMage | magento-lts | < 20.18.0 | - |
II. Public POCs for CVE-2026-42207
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42207
请登录查看更多情报信息。
Same Patch Batch · OpenMage · 2026-05-15 · 3 CVEs total
| CVE-2026-42155 | Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs | |
| CVE-2026-42458 | Magento LTS: Reflected XSS - Import -> Data Flow (profiles) |
IV. Related Vulnerabilities
Same product: magento-lts
- CVE-2026-42155
Magento LTS: Weak API Session ID — Predictable MD5 of Time-D - CVE-2026-42458
Magento LTS: Reflected XSS - Import -> Data Flow (profiles) - CVE-2026-40488
OpenMage LTS has Customer File Upload Extension Blocklist By - CVE-2026-40098
OpenMage LTS imports cross-user wishlist item via shared wis - CVE-2026-25525
OpenMage LTS has Path Traversal Filter Bypass in Dataflow Mo
Same vendor: OpenMage
- CVE-2026-42155
Magento LTS: Weak API Session ID — Predictable MD5 of Time-D - CVE-2026-42458
Magento LTS: Reflected XSS - Import -> Data Flow (profiles) - CVE-2026-40488
OpenMage LTS has Customer File Upload Extension Blocklist By - CVE-2026-40098
OpenMage LTS imports cross-user wishlist item via shared wis - CVE-2026-25525
OpenMage LTS has Path Traversal Filter Bypass in Dataflow Mo
Same weakness: CWE-601
- CVE-2026-44427
MCP Registry: Open Redirect - CVE-2026-44520
Docling-Graph: SSRF via Missing Internal IP Validation in UR - CVE-2026-45448
ntopng - CWE-601: URL Redirection to Untrusted Site ('Open R - CVE-2026-44503
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Author - CVE-2026-44372
Nitro: Open Redirect via Protocol-Relative URL Bypass in Wil
V. Comments for CVE-2026-42207
No comments yet