CVE-2026-54171 with a CVSS score of 6.5 is a vulnerability affecting excon versions < 1.5.0 in the excon library that allows for the unintended leakage of sensitive data for users of the RedirectFollower middleware when following redirects, potentially impacting all users utilizing this feature. This flaw type involves an insecure direct object reference and can be exploited through user interaction via a web application, requiring no privileges or user interaction to exploit. The business impact of this vulnerability is significant as it could lead to sensitive data exposure for users who rely on the RedirectFollower middleware in their applications.
We recommend you to update Excon to version 1.5.0.[/subscribe_to_unlock_form]
CVE-2026-54171 with a CVSS score of 6.5 is a vulnerability affecting excon versions < 1.5.0 in the excon library that allows for the unintended leakage of sensitive data for users of the RedirectFollower middleware when following redirects, potentially impacting all users utilizing this feature. This flaw type involves an insecure direct object reference and can be exploited through user interaction via a web application, requiring no privileges or user interaction to exploit. The business impact of this vulnerability is significant as it could lead to sensitive data exposure for users who rely on the RedirectFollower middleware in their applications.
We recommend you to update Excon to version 1.5.0.[emaillocker id="1283"]
The following reports contain further technical details:
[/emaillocker]