Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-34847 PoC — hoppscotch: Open redirect via `/enter?redirect=`

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-34847.yaml
Associated Vulnerability
Title:hoppscotch: Open redirect via `/enter?redirect=` (CVE-2026-34847)
Description:hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in version 2026.3.0.
Description
Hoppscotch <= 2026.2.1 is vulnerable to a DOM-based open redirect on the /enter page. The redirect query parameter is passed directly to windowz location.href with no origin validation. Requires one additional query parameter to trigger. Exploited via a crafted URL such as /enter?redirect=evil.com&foo=bar.
File Snapshot

 id: CVE-2026-34847

info:
  name: Hoppscotch <= 2026.2.1 - Open Redirect
  author: ritikchaddha
  se

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →