PatchSiren

Password Manager CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Password Manager CVE published 2026-06-17

CVE-2026-10839

CVE-2026-10839 is an open redirection vulnerability in the authentication system of Password Manager. An attacker can manipulate the X-Forwarded-Host header to alter generated URLs, potentially redirecting authenticated users to malicious sites after login or interaction with the interface. This vulnerability has a CVSS score of 5.1 and a MEDIUM severity level. Users of Password Manager, especially those [truncated]

MEDIUM Password Manager CVE published 2026-06-17

CVE-2026-10837

CVE-2026-10837 is an open redirection vulnerability in Password Manager caused by insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity. This vulnerability has a [truncated]