🚨 BREAKING

DivvyDrive Open Redirect Vulnerability CVE-2026-6795 Rated Critical

/CRITICAL /CVSS 9.6/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severityopen-redirectcwe-601
DivvyDrive Open Redirect Vulnerability CVE-2026-6795 Rated Critical

The National Vulnerability Database (NVD) has detailed CVE-2026-6795, a critical URL redirection to untrusted site (‘open redirect’) vulnerability affecting DivvyDrive Information Technologies Inc. DivvyDrive. This flaw, present in versions from 4.8.2.9 before 4.8.3.2, allows for parameter injection, enabling attackers to craft malicious links that redirect users to arbitrary, untrusted websites.

Rated with a CVSS score of 9.6 (CRITICAL), this vulnerability carries significant risk. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H indicates it’s network-exploitable with low attack complexity, requiring user interaction (e.g., clicking a link), but leading to high confidentiality, integrity, and availability impacts. This is a classic phishing vector, where trust in a legitimate domain is leveraged to deliver malware or steal credentials.

Defenders need to understand the attacker’s calculus here: social engineering is cheap and effective. An open redirect turns a legitimate domain into a weaponized URL shortener. For organizations using DivvyDrive, patching is non-negotiable. This isn’t theoretical; this is how initial access often begins, leading to much larger incidents.

What This Means For You

  • If your organization uses DivvyDrive, you need to immediately identify all instances running versions from 4.8.2.9 through 4.8.3.1. Patching to version 4.8.3.2 or higher is critical to mitigate CVE-2026-6795. Audit any public-facing DivvyDrive links for suspicious redirection patterns, and educate users on the dangers of phishing links, even if they appear to originate from a trusted domain.

Indicators of Compromise

IDTypeIndicator
CVE-2026-6795 Open Redirect DivvyDrive Information Technologies Inc. DivvyDrive
CVE-2026-6795 Open Redirect DivvyDrive versions from 4.8.2.9 before 4.8.3.2
CVE-2026-6795 Open Redirect Parameter Injection

Written by SCW Vulnerability Desk

🔎
Check Your Exposure to Critical CVEs Use /brief to get an analyst-ready weekly threat summary with severity rankings, including critical CVEs like this one.
Open Intel Bot →
Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 07, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-44264 — Weblate is a web based localization tool. Prior to version

CVE-2026-44264 — Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't...

vulnerabilityCVEmedium-severitycwe-80
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs

CVE-2026-44263 — Weblate is a web based localization tool. Prior to version

CVE-2026-44263 — Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of...

vulnerabilityCVEmedium-severitycwe-203
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 6 Sigma

gnutls CVE-2026-42011: Certificate Validation Bypass Poses MITM Risk

CVE-2026-42011 — A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had...

vulnerabilityCVEhigh-severitycwe-295
/SCW Vulnerability Desk /HIGH /7.4 /⚑ 2 IOCs