What's the vulnerability?

Open redirect in OAuth callback enables account takeover via URL authority injection

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00109
or pruva-verify GHSA-ppf9-4ffw-hh4p
or pruva-verify CVE-2026-27191
Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1. Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00109/artifacts/reproduction_steps.sh

2. Make executable

chmod +x reproduction_steps.sh

3. Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.
