CVE-2026-25651 MEDIUM

CVE-2026-25651: client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Vendor Tgies
Product client-certificate-auth
Weakness CWE-601 · Open redirect
Published February 6, 2026
Last update February 9, 2026

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.

Key dates

02Disclosure timeline

February 6, 2026 CVE published
February 9, 2026 Record updated