CVE-2026-2709 | busy up to 2.5.5 Callback app.js state redirect (Issue 2287)

A vulnerability was found in busy up to 2.5.5. It has been declared as problematic. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect.

This vulnerability is registered as CVE-2026-2709. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More