MEDIUM
Openedx
CVE published 2026-04-06
CVE-2026-35404
CVE-2026-35404 is an Open edX Platform open redirect vulnerability in the view_survey endpoint. According to the NVD record and GitHub security advisory, the endpoint accepts a redirect_url GET parameter and passes it directly to HttpResponseRedirect() without URL validation. When a survey name does not exist, the server can immediately return an HTTP 302 redirect to an attacker-controlled URL. The same u [truncated]
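The validation the description says is missing before redirect_url reaches HttpResponseRedirect() can be sketched as follows. This is an added example, not code from Open edX or the advisory; the function names, the host lms.example.org and the fallback /dashboard are assumed values.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed deployment values (hypothetical, not taken from the advisory).
ALLOWED_HOSTS = {"lms.example.org"}
DEFAULT_TARGET = "/dashboard"


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS, require_https=True):
    """Return True only for rooted same-site paths or URLs on an allowed host."""
    if not isinstance(url, str) or not url.strip():
        return False
    url = url.strip()
    # Control characters are dropped by some browsers and can hide a host.
    if any(unicodedata.category(ch).startswith("C") for ch in url):
        return False
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    candidate = url.replace("\\", "/")
    if candidate.startswith("///"):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.netloc:
        # Relative target: reject any scheme ("javascript:", "https:host")
        # and require a rooted path.
        return not parts.scheme and candidate.startswith("/")
    schemes = {"https"} if require_https else {"http", "https"}
    # .hostname drops userinfo and port, so "trusted@other-host" is judged
    # by the host the browser would actually contact.
    return parts.scheme in schemes and parts.hostname in allowed_hosts


def resolve_redirect(redirect_url, allowed_hosts=ALLOWED_HOSTS,
                     default=DEFAULT_TARGET):
    """Use the caller-supplied URL only if it is safe, else a fixed default."""
    if is_safe_redirect(redirect_url, allowed_hosts):
        return redirect_url.strip()
    return default
```

In a Django code base, django.utils.http.url_has_allowed_host_and_scheme() performs this kind of check and is the usual guard in front of HttpResponseRedirect().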