CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect() method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the redirect query string parameter. This issue is fixed in versions 2.11.1, 3.3.6, and 4.1.1.
https://github.com/cakephp/authentication/security/advisories/GHSA-hhpq-7wg4-36jm
https://github.com/cakephp/authentication/releases/tag/4.1.1
https://github.com/cakephp/authentication/releases/tag/3.3.6
https://github.com/cakephp/authentication/releases/tag/2.11.1
https://github.com/cakephp/authentication/pull/799
https://github.com/cakephp/authentication/pull/796
https://github.com/cakephp/authentication/pull/795
https://github.com/cakephp/authentication/commit/ee24bd48b9c3ef693dc9965de8f0cc8020a7052c
https://github.com/cakephp/authentication/commit/df28ea4e712f1e5bd0e42be4a3c5c750ca50764d
https://github.com/cakephp/authentication/commit/1c1e29c7e8129cfbcae74558316ecd3ea50a8273
Published: 2026-07-09
Updated: 2026-07-13
Base Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: Medium
Base Score: 5.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Severity: Medium
EPSS: 0.00578