


Perceptive Security
SOC/SIEM Consultancy

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The …
Published: 5 April 2026 at 22:00:00
Alert date: 6 April 2026 at 16:03:20
Source: nvd.nist.gov
Web Technologies
A DOM-based Cross-Site Scripting (XSS) vulnerability was discovered in Homarr, an open-source dashboard application. The vulnerability affects versions prior to 1.57.0 and is located in the /auth/login page. The application improperly trusts a URL parameter (callbackUrl) which is passed to redirect and router.push functions. Attackers can craft malicious links that execute arbitrary JavaScript in authenticated users' browsers. This can lead to credential theft, internal network pivoting, and unauthorized actions. The vulnerability has been fixed in version 1.57.0.
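One way to constrain a callbackUrl value before it reaches a redirect or router.push call, shown as an added example; it is not Homarr's code or the 1.57.0 fix. The origin, function names and sample inputs are constructed for illustration.

```javascript
"use strict";

// Hypothetical deployment origin and default landing path (assumptions).
const APP_ORIGIN = "https://dashboard.example";
const FALLBACK = "/";

// Return a same-origin path (pathname + search + hash), or FALLBACK when the
// value is anything other than a root-relative path on this origin.
function safeCallbackPath(raw, origin = APP_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Accept only "/path". "//host" and "/\host" are read by browsers as
  // scheme-relative URLs, and anything with a scheme does not start with "/".
  if (!raw.startsWith("/") || raw.startsWith("//") || raw.startsWith("/\\")) {
    return FALLBACK;
  }
  // URL parsers silently strip tabs and newlines, so reject them up front.
  if (/[\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return FALLBACK;
  }
  // Final check on the parsed result, not on the raw string.
  if (url.origin !== new URL(origin).origin) return FALLBACK;
  return url.pathname + url.search + url.hash;
}

// Extract callbackUrl from a login URL and sanitize it in one step, so the
// raw parameter never reaches navigation code.
function callbackFromLoginUrl(loginUrl) {
  const params = new URL(loginUrl).searchParams;
  return safeCallbackPath(params.get("callbackUrl"));
}

// Constructed sample inputs: one legitimate, three that must be rejected.
const samples = [
  "/boards/home?tab=2#widgets",
  "https://other.example/landing",
  "//other.example/landing",
  "javascript:void(0)",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeCallbackPath(s));
}
```

The navigation call then receives only the returned path, never the raw query parameter.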
Affected products: Homarr
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33510
https://github.com/homarr-labs/homarr/security/advisories/GHSA-79pg-554g-rw82
This article was created with the assistance of AI technology by Perceptive.
