{"id":"PYSEC-2026-919","summary":"Netflix Security Monkey Open Redirect vulnerability","details":"Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the \"next\" parameter which then redirects to any domain irrespective of the Host header.","aliases":["CVE-2017-7266","GHSA-j6jq-3q8p-xgg6"],"modified":"2026-07-07T11:45:22.003708689Z","published":"2026-07-06T08:03:25.106541Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7266"},{"type":"WEB","url":"https://github.com/Netflix/security_monkey/pull/482"},{"type":"WEB","url":"https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466"},{"type":"PACKAGE","url":"https://github.com/Netflix/security_monkey"},{"type":"WEB","url":"https://github.com/Netflix/security_monkey/releases/tag/v0.8.0"},{"type":"WEB","url":"https://web.archive.org/web/20201220170714/http://www.securityfocus.com/bid/97088"},{"type":"PACKAGE","url":"https://pypi.org/project/security-monkey"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j6jq-3q8p-xgg6"}],"affected":[{"package":{"name":"security-monkey","ecosystem":"PyPI","purl":"pkg:pypi/security-monkey"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.0"}]}],"versions":["0.4.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/security-monkey/PYSEC-2026-919.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}