LeakyCreds

CVE-2026-28681 - Vulnerability Analysis

High, CVSS: 8.1

Last Updated: March 9, 2026

Internet Routing Registry daemon - Open Redirect & Account Takeover

Published: March 6, 2026 | Updated: March 9, 2026 | Remote Exploitable

Overview

Internet Routing Registry daemon 4.4.0 to <4.4.5 and 4.5.0 to <4.5.1 contains an open redirect caused by HTTP Host header manipulation in the password reset and account creation flows, letting attackers hijack accounts via the confirmation link. Exploitation requires the victim to open an attacker-controlled link.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 5.5% (Probability of exploitation in next 30 days)

Impact

Attackers can take over user accounts and modify RPSL objects, potentially impacting network routing data integrity.

Mitigation

Update to versions 4.4.5 or 4.5.1 or later.
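
The bug class described in the Overview, shown as an added example that is not IRRd's code: a confirmation link built from the client-supplied Host header, next to a hardened version that uses a configured origin and rejects unexpected Host values. The origin `https://irr.example.net`, the `/reset` path and all function names are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Assumptions for illustration: operator-configured origin and host allowlist.
CANONICAL_ORIGIN = "https://irr.example.net"
ALLOWED_HOSTS = frozenset({"irr.example.net"})


def reset_link_from_host_header(headers, token):
    """Vulnerable pattern: the link origin is whatever the client sent as Host."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link_from_config(token, origin=CANONICAL_ORIGIN):
    """Hardened: the origin comes from server configuration, never the request."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname or parts.path not in ("", "/"):
        raise ValueError("canonical origin must be a bare https origin")
    return f"https://{parts.netloc}/reset?{urlencode({'token': token})}"


def host_is_allowed(headers, allowed=ALLOWED_HOSTS):
    """Defence in depth: accept only requests whose Host names this service."""
    raw = headers.get("Host", "")
    try:
        parts = urlsplit("//" + raw)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False
    # Reject userinfo ("good@evil"), paths, queries and stripped control bytes.
    if parts.netloc != raw or parts.username is not None:
        return False
    return parts.hostname in allowed  # hostname is lower-cased; any port accepted


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for host in ("irr.example.net", "irr.example.net:443", "evil.example",
                 "irr.example.net@evil.example", ""):
        hdrs = {"Host": host}
        print(f"{host!r:32} allowed={host_is_allowed(hdrs)} "
              f"header-link={reset_link_from_host_header(hdrs, 'tok123')}")
    print("config-link:", reset_link_from_config("tok123"))
```
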

Social Media Activity (2 posts)

TheHackerWire
@thehackerwire
Mar 6, 2026

🟠 CVE-2026-28681 - High (8.1) Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host he... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28681/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-28681
Severity: High
CVSS Score: 8.1
Type: open_redirect
Status: unconfirmed
EPSS: 5.5%
Social Posts: 2

CWE

  • CWE-601

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score

5.5% (Probability of exploitation in the next 30 days)