Pachno 1.0.6 Open Redirection via return_to Parameter

Description

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials.

Affected Products

Vendor	Product	Versions
pachno	pachno	1.0.6

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5981.php(third-party-advisory)
https://www.vulncheck.com/advisories/pachno-open-redirection-via-return-to-parameter(third-party-advisory)

Related News (1 articles)

Tier C

VulDB5d ago

CVE-2026-40039 | Pachno 1.0.6 return_to authentication bypass (ZSL-2026-5981)

→ No new info (linked only)

CVSS 3.16.5 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-305

PublishedApr 13, 2026

Last enriched5d agov2

Trending Score17

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (4)

Version History

Last enriched 5d ago

v2Tier C5d ago

Updated description with more technical detail, changed severity to HIGH, and marked as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v15d ago

Initial creation