CakePHP Authentication: Open redirect weakness via backslash bypass
The getLoginRedirect() method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames.
Advisories for Composer/Cakephp/Authentication package
2026