NVD · CVE-2026-30346

CVE-2026-30346

Published: Mon, 27 Apr 2026 17:16

CVE-2026-30346

Summary

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.

Are YOU affected by CVE-2026-30346?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-30346 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

References

https://gist.github.com/syphonetic/d4e519904aaa55dbd0e3b87a317660d1
https://github.com/hunvreus/devpush
https://github.com/hunvreus/devpush/releases/tag/0.3.2

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →