CVE-2026-27508 Express — Exploit & Vulnerability Details MEDIUM

CVE-2026-27508

MEDIUM CVSS 4.0: 5.1 EPSS 0.03%

Parameter	Value
CVSS	5.1 (MEDIUM)
Affected Versions	before 3.1
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Express
Public PoC	No

Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

Active

User action required

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 2

https://community.smoothwall.org/forum/viewtopic.php?t=45095

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/smoothwall-express-reflected-xss-in-redire…

disclosure@vulncheck.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33808

Express

9.1

CVE-2026-33807

Express

9.1

CVE-2026-34899

Express

5.3

CVE-2026-23448

Express

None

CVE-2026-23447

Express

None

Menu

CVE-2026-27508

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-33808

CVE-2026-33807

CVE-2026-34899

CVE-2026-23448

CVE-2026-23447

CVE Details

Editor's Choice

Menu

CVE-2026-27508

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-33808

CVE-2026-33807

CVE-2026-34899

CVE-2026-23448

CVE-2026-23447

CVE Details

Editor's Choice

Stay informed on cybersecurity