CVE-2026-30346

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.

medium 4.3 CVSS 3.1

Published: Apr 27, 2026

Modified: Apr 27, 2026

Description

References

https://gist.github.com/syphonetic/d4e519904aaa55dbd0e3b87a317660d1
https://github.com/hunvreus/devpush
https://github.com/hunvreus/devpush/releases/tag/0.3.2

Version	3.1
Score	4.3 / 10
Severity	medium