{"id":"PYSEC-2026-1868","summary":"reflex-dev/reflex has an Open Redirect vulnerability","details":"### Mitigation\n\nMake sure `GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN` is not set in a production environment. So the following is correct:\n\n```\nassert os.getenv(\"GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN\") is None\n```\n\n### **Vulnerability Description**\n\n---\n\n**Vulnerability Overview**\n \n- When the GET /auth-codespace page loads in a GitHub Codespaces environment, it automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks. This allows attackers to redirect users to arbitrary external URLs.\n- The route is only registered when a Codespaces environment is detected, and the detection is controlled by environment variables. This means that the same behavior can be activated in production if the corresponding environment variable is set.\n\n**Vulnerable Code Analysis**\n \n\nhttps://github.com/reflex-dev/reflex/blob/51f9f2c2f52cac4d66c07683a12bc0237311b6be/reflex/utils/codespaces.py#L18-L46\n\n- This code assigns the redirect_to query parameter directly to a.href without any validation and immediately triggers a click (automatic navigation), allowing users to be sent to arbitrary external domains, resulting in an open redirect vulnerability.\n- The execution condition is simply based on the presence of a sessionStorage flag, meaning it triggers immediately on first visits or in incognito/private browsing windows, with no server-side origin/scheme whitelist or internal path enforcement defenses in place.\n\n### PoC\n\n---\n\n**PoC Description**\n \n\n\u003cimg width=\"623\" height=\"497\" alt=\"image\" src=\"https://github.com/user-attachments/assets/55ef4828-09fa-451b-a7cc-8fcaad6a2a21\" /\u003e\n\n\n- Used the production configuration from docker-example (docker-example/production-compose).\n- Added a Codespaces detection environment variable to the app container in compose.yaml to forcibly expose the route.\n- GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN: dummy\n- The reverse proxy (Caddy) needs to be configured to forward /auth-codespace to the backend (required depending on the environment).\n\n**curl Example**\n\n\n```\nhttps://localhost/auth-codespace?redirect_to=http://google.com\n```\n\n**PoC MP4**\nhttps://file.notion.so/f/f/d105d145-04bc-45c5-b46c-ed880895e9de/a86c3e3b-f67f-45d1-8fa2-4aa0ba7d0068/poc.mp4?table=block&id=26955717-5d2e-805a-b53c-e25ee03f1d4b&spaceId=d105d145-04bc-45c5-b46c-ed880895e9de&expirationTimestamp=1760508000000&signature=ZPp8PVldfGOh0gB5tVElRV6GN789R-EG0oxZgkFjjLU&downloadName=poc.mp4\n\n\u003cimg width=\"1917\" height=\"949\" alt=\"image\" src=\"https://github.com/user-attachments/assets/e565dc4e-a59b-44d4-a92a-ebf128489e88\" /\u003e\n\n\u003cimg width=\"1913\" height=\"977\" alt=\"image\" src=\"https://github.com/user-attachments/assets/496fa585-76ea-4d2d-80f8-0ab79f51229e\" /\u003e\n\n\n\n\n### Impact\n\n---\n\n**Phishing/Social Engineering Attacks**\n\n\nUsers can be exploited by immediately redirecting from a trusted domain to external malicious sites, taking advantage of user trust. This enables login page spoofing, credential harvesting, and redirection to malware distribution pages.\n\n**Authentication/Session Flow Disruption**\n \n\nWhen users with valid sessions/cookies from the same origin click the link, they are redirected to unintended external domains, which can bypass or disrupt authentication/authorization flows. When combined with redirect-based flows like OAuth/OIDC, this can escalate into security incidents.","aliases":["CVE-2025-62379","GHSA-rfh5-c9h5-q8jm"],"modified":"2026-07-07T17:47:00.306257423Z","published":"2026-07-07T16:03:07.777195Z","references":[{"type":"WEB","url":"https://github.com/reflex-dev/reflex/security/advisories/GHSA-rfh5-c9h5-q8jm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62379"},{"type":"WEB","url":"https://github.com/reflex-dev/reflex/commit/ade12549f3c0ddab3d7382c581bc04a3c1f989ec"},{"type":"WEB","url":"https://file.notion.so/f/f/d105d145-04bc-45c5-b46c-ed880895e9de/a86c3e3b-f67f-45d1-8fa2-4aa0ba7d0068/poc.mp4?table=block&id=26955717-5d2e-805a-b53c-e25ee03f1d4b&spaceId=d105d145-04bc-45c5-b46c-ed880895e9de&expirationTimestamp=1760508000000&signature=ZPp8PVldfGOh0gB5tVElRV6GN789R-EG0oxZgkFjjLU&downloadName=poc.mp4"},{"type":"PACKAGE","url":"https://github.com/reflex-dev/reflex"},{"type":"WEB","url":"https://github.com/reflex-dev/reflex/blob/51f9f2c2f52cac4d66c07683a12bc0237311b6be/reflex/utils/codespaces.py#L18-L46"},{"type":"PACKAGE","url":"https://pypi.org/project/reflex"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-rfh5-c9h5-q8jm"}],"affected":[{"package":{"name":"reflex","ecosystem":"PyPI","purl":"pkg:pypi/reflex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.5.4"},{"last_affected":"0.8.14"}]}],"versions":["0.5.10","0.5.10.post1","0.5.10a1","0.5.10a2","0.5.10a3","0.5.4","0.5.5","0.5.5a1","0.5.5a2","0.5.6","0.5.6a1","0.5.6a2","0.5.7","0.5.7a1","0.5.8","0.5.8a1","0.5.9","0.5.9.dev1","0.5.9a1","0.6.0","0.6.0a1","0.6.0a2","0.6.0a3","0.6.0a4","0.6.1","0.6.1a1","0.6.1a2","0.6.2","0.6.2.post1","0.6.2a1","0.6.2a2","0.6.3","0.6.3.post1","0.6.3a1","0.6.3a2","0.6.3a3","0.6.3a4","0.6.4","0.6.4a1","0.6.4a2","0.6.4a3","0.6.5","0.6.5a1","0.6.5a2","0.6.5a3","0.6.6","0.6.6.post1","0.6.6.post2","0.6.6.post3","0.6.6a1","0.6.6a2","0.6.6a3","0.6.7","0.6.7a1","0.6.7a2","0.6.8","0.6.8.post1","0.6.8a1","0.6.8a2","0.7.0","0.7.0.post1","0.7.0a1","0.7.0a2","0.7.0a3","0.7.0a4","0.7.0a5","0.7.1","0.7.1.post1","0.7.10","0.7.10.post1","0.7.10a1","0.7.11","0.7.11a1","0.7.12","0.7.12a1","0.7.13","0.7.13a1","0.7.13a2","0.7.14","0.7.14a1","0.7.14a2","0.7.14a3","0.7.14a4","0.7.14a5","0.7.14a6","0.7.1a1","0.7.1a2","0.7.1a3","0.7.1a4","0.7.1a5","0.7.2","0.7.2.dev1","0.7.2.post1","0.7.2a1","0.7.2a2","0.7.3","0.7.3.post1","0.7.3a1","0.7.3a2","0.7.4","0.7.4.post1","0.7.4a0","0.7.4a1","0.7.4a2","0.7.4a3","0.7.5","0.7.5.post1","0.7.5a1","0.7.6","0.7.6.post1","0.7.6a0","0.7.6a1","0.7.7","0.7.7.post1","0.7.7a1","0.7.7a2","0.7.8","0.7.8.post1","0.7.8a1","0.7.9","0.7.9.post1","0.7.9a1","0.7.9a2","0.8.0","0.8.0.post1","0.8.0a1","0.8.0a2","0.8.0a3","0.8.0a4","0.8.0a5","0.8.0a6","0.8.0a7","0.8.1","0.8.1.post1","0.8.10","0.8.10a1","0.8.11","0.8.11a1","0.8.12","0.8.12a1","0.8.12a2","0.8.13","0.8.13a1","0.8.14","0.8.14a1","0.8.14a2","0.8.1a1","0.8.1a2","0.8.2","0.8.2a1","0.8.3","0.8.3a1","0.8.3a2","0.8.3a3","0.8.4","0.8.4a1","0.8.4a2","0.8.5","0.8.5a1","0.8.5a2","0.8.6","0.8.6a0","0.8.6a1","0.8.7","0.8.7a1","0.8.8","0.8.8a1","0.8.8a2","0.8.9","0.8.9a1","0.8.9a2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/reflex/PYSEC-2026-1868.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}