Linagora Twake URL Redirection Vulnerability Allowing Sensitive Information Disclosure and Arbitrary Code Execution

Vulnerability

A URL redirection vulnerability has been identified in Linagora Twake version 2023.Q1.1223. This issue allows attackers to redirect users to untrusted websites, potentially leading to phishing attacks or the exposure of sensitive information. Additionally, the vulnerability could be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could result in unauthorized redirection of users to malicious sites, with potential consequences such as phishing or data exposure, along with the execution of arbitrary code.

Added: Mar 9, 2026, 5:19 PM

Updated: Mar 9, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

6.2

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

6.2

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linagora Twake URL Redirection Vulnerability Allowing Sensitive Information Disclosure and Arbitrary Code Execution

Vulnerability

Impact

Affected Products

linagora Twake

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating