PatchSiren cyber security CVE debrief
CVE-2026-55590 cakephp CVE debrief
The CakePHP Authentication plugin has a vulnerability prior to versions 2.11.1, 3.3.6, and 4.1.1. The getLoginRedirect() method contains a weakness to backslash bypasses, allowing redirect targets with attacker-controlled hostnames through the redirect query string parameter. This issue affects developers and administrators using the plugin. Patches are available to prevent potential redirects to malicious hostnames.
- Vendor
- cakephp
- Product
- authentication
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-13
Who should care
Developers and administrators using CakePHP Authentication plugin versions prior to 2.11.1, 3.3.6, and 4.1.1 should apply patches to prevent potential redirects to malicious hostnames. Security teams and vulnerability management teams should review and track this vulnerability.
Technical summary
The vulnerability exists in the getLoginRedirect() method of the CakePHP Authentication plugin. An attacker can exploit this weakness by providing a specially crafted redirect query string parameter, potentially redirecting users to malicious hostnames. Affected versions are prior to 2.11.1, 3.3.6, and 4.1.1. Developers should apply patches or restrict redirect query string parameters. This issue affects developers and administrators using the plugin, who should review official advisories and track vendor updates to ensure secure configurations and protect against potential redirects to malicious hostnames.
Defensive priority
Medium
Recommended defensive actions
- Apply patches to upgrade to CakePHP Authentication plugin versions 2.11.1, 3.3.6, or 4.1.1.
- Review and restrict redirect query string parameters to prevent potential bypasses.
- Monitor for suspicious redirect activity.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-09T19:17:06.670Z and last modified on 2026-07-13T17:09:24.243Z. The NVD entry is currently Analyzed. Evidence is limited to CVE and NVD information. Defenders should verify affected deployments, review official advisories, and track vendor updates.
Official resources
-
CVE-2026-55590 CVE record
CVE.org
-
CVE-2026-55590 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Release Notes
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:17:06.670Z and has not been modified since then. The NVD entry is currently Analyzed.