client-certificate-auth has an Open Redirect via Host Header Injection in...

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.

Basic Information

ID CVE-2026-25651

Source GitHub_M

Published Feb 6, 2026 at 18:50

Affected Product

Vendor tgies

Product client-certificate-auth

Version >= 0.2.1, < 1.0.0

Affected Versions tgies client-certificate-auth >= 0.2.1, < 1.0.0

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.",
    "published": "2026-02-06T18:50:26.046Z",
    "modified": "2026-02-06T18:50:26.046Z",
    "type": "cve",
    "title": "client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect",
    "source": "GitHub_M",
    "references": "https://github.com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4\nhttps://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0",
    "id": "CVE-2026-25651",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "tgies client-certificate-auth >= 0.2.1, < 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "client-certificate-auth",
    "version": ">= 0.2.1, < 1.0.0",
    "vendor": "tgies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect_CVE-2026-25651