CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40895

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie headers (matched by regex at index.js). Any custom authentication header (e.g., X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded verbatim to the redirect target. This vulnerability is fixed in 1.16.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653

Products affected by CVE-2026-40895

Follow-Redirects Project » Follow-Redirects » Version: 0.0.6

cpe:2.3:a:follow-redirects_project:follow-redirects:0.0.6
Follow-Redirects Project » Follow-Redirects » Version: 0.0.7

cpe:2.3:a:follow-redirects_project:follow-redirects:0.0.7
Follow-Redirects Project » Follow-Redirects » Version: 0.1.0

cpe:2.3:a:follow-redirects_project:follow-redirects:0.1.0
Follow-Redirects Project » Follow-Redirects » Version: 0.2.0

cpe:2.3:a:follow-redirects_project:follow-redirects:0.2.0
Follow-Redirects Project » Follow-Redirects » Version: 0.3.0

cpe:2.3:a:follow-redirects_project:follow-redirects:0.3.0
Follow-Redirects Project » Follow-Redirects » Version: 1.0.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.0.0
Follow-Redirects Project » Follow-Redirects » Version: 1.1.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.1.0
Follow-Redirects Project » Follow-Redirects » Version: 1.10.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.10.0
Follow-Redirects Project » Follow-Redirects » Version: 1.11.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.11.0
Follow-Redirects Project » Follow-Redirects » Version: 1.12.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.12.0
Follow-Redirects Project » Follow-Redirects » Version: 1.12.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.12.1
Follow-Redirects Project » Follow-Redirects » Version: 1.13.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.13.0
Follow-Redirects Project » Follow-Redirects » Version: 1.13.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.13.1
Follow-Redirects Project » Follow-Redirects » Version: 1.13.2

cpe:2.3:a:follow-redirects_project:follow-redirects:1.13.2
Follow-Redirects Project » Follow-Redirects » Version: 1.13.3

cpe:2.3:a:follow-redirects_project:follow-redirects:1.13.3
Follow-Redirects Project » Follow-Redirects » Version: 1.14.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.0
Follow-Redirects Project » Follow-Redirects » Version: 1.14.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.1
Follow-Redirects Project » Follow-Redirects » Version: 1.14.2

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.2
Follow-Redirects Project » Follow-Redirects » Version: 1.14.3

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.3
Follow-Redirects Project » Follow-Redirects » Version: 1.14.4

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.4
Follow-Redirects Project » Follow-Redirects » Version: 1.14.5

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.5
Follow-Redirects Project » Follow-Redirects » Version: 1.14.6

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.6
Follow-Redirects Project » Follow-Redirects » Version: 1.14.7

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.7
Follow-Redirects Project » Follow-Redirects » Version: 1.14.8

cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.8
Follow-Redirects Project » Follow-Redirects » Version: 1.2.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.0
Follow-Redirects Project » Follow-Redirects » Version: 1.2.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.1
Follow-Redirects Project » Follow-Redirects » Version: 1.2.2

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.2
Follow-Redirects Project » Follow-Redirects » Version: 1.2.3

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.3
Follow-Redirects Project » Follow-Redirects » Version: 1.2.4

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.4
Follow-Redirects Project » Follow-Redirects » Version: 1.2.5

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.5
Follow-Redirects Project » Follow-Redirects » Version: 1.2.6

cpe:2.3:a:follow-redirects_project:follow-redirects:1.2.6
Follow-Redirects Project » Follow-Redirects » Version: 1.3.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.3.0
Follow-Redirects Project » Follow-Redirects » Version: 1.4.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.4.0
Follow-Redirects Project » Follow-Redirects » Version: 1.4.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.4.1
Follow-Redirects Project » Follow-Redirects » Version: 1.5.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.0
Follow-Redirects Project » Follow-Redirects » Version: 1.5.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.1
Follow-Redirects Project » Follow-Redirects » Version: 1.5.10

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.10
Follow-Redirects Project » Follow-Redirects » Version: 1.5.2

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.2
Follow-Redirects Project » Follow-Redirects » Version: 1.5.3

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.3
Follow-Redirects Project » Follow-Redirects » Version: 1.5.4

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.4
Follow-Redirects Project » Follow-Redirects » Version: 1.5.5

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.5
Follow-Redirects Project » Follow-Redirects » Version: 1.5.6

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.6
Follow-Redirects Project » Follow-Redirects » Version: 1.5.7

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.7
Follow-Redirects Project » Follow-Redirects » Version: 1.5.8

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.8
Follow-Redirects Project » Follow-Redirects » Version: 1.5.9

cpe:2.3:a:follow-redirects_project:follow-redirects:1.5.9
Follow-Redirects Project » Follow-Redirects » Version: 1.6.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.6.0
Follow-Redirects Project » Follow-Redirects » Version: 1.6.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.6.1
Follow-Redirects Project » Follow-Redirects » Version: 1.7.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.7.0
Follow-Redirects Project » Follow-Redirects » Version: 1.8.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.8.0
Follow-Redirects Project » Follow-Redirects » Version: 1.8.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.8.1
Follow-Redirects Project » Follow-Redirects » Version: 1.9.0

cpe:2.3:a:follow-redirects_project:follow-redirects:1.9.0
Follow-Redirects Project » Follow-Redirects » Version: 1.9.1

cpe:2.3:a:follow-redirects_project:follow-redirects:1.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40895

Products

Pricing

Contact Us