What is the severity of CVE-2026-22032?

CVE-2026-22032 has a CVSS v3 score of 6.1, which is classified as Medium severity.

Is there an exploit available for CVE-2026-22032?

No known public exploits are currently available for CVE-2026-22032.

Is there a patch available for CVE-2026-22032?

Yes, patches are available for CVE-2026-22032. Check the vendor advisories for update instructions.

CVE-2026-22032 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-22032?

## Security Advisory: Open Redirect in Directus SAML Authentication ### Summary An open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The `RelayState` parameter is used in redirects without proper validation against an allowlist of permitted domains. ### Vulnerability Description During SAML authentication, the `RelayState` parameter is intended to preserve the user's original destination. However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL upon completion. The vulnerability is present in both the success and error handling paths of the callback. ### Impact - **Phishing**: Users can be redirected to attacker-controlled sites that mimic legitimate login pages - **Credential theft**: Chained attacks may leverage the redirect to capture OAuth tokens or authorization codes - **Trust erosion**: Users may lose confidence in the application's security posture This vulnerability can be exploited without authentication.

Severity Scores

CVSS v36.1

CVSS v20.0

Priority Score207.0

EPSS Score0.0

Medium

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

6.1

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Security Advisory: Open Redirect in Directus SAML Authentication

Summary

An open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The RelayState parameter is used in redirects without proper validation against an allowlist of permitted domains.

Vulnerability Description

During SAML authentication, the RelayState parameter is intended to preserve the user's original destination. However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL upon completion.

The vulnerability is present in both the success and error handling paths of the callback.

Impact

Phishing: Users can be redirected to attacker-controlled sites that mimic legitimate login pages
Credential theft: Chained attacks may leverage the redirect to capture OAuth tokens or authorization codes
Trust erosion: Users may lose confidence in the application's security posture

This vulnerability can be exploited without authentication.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Changed

Confidentiality:Local

Integrity:Local

Availability:Network

Patch References

Github.com