Skip to content
← Back to Glossary
API Security Checked by Vezraa

CORS Misconfiguration

Overly permissive cross-origin resource sharing settings that expose your API.

CORS misconfiguration typically means using Access-Control-Allow-Origin: * or reflecting arbitrary origins without validation. This allows any website to make cross-origin requests to your API, potentially exposing authenticated data.

Related Terms

See this vulnerability in the database

See if your app is vulnerable

Vezraa checks for this security issues. Scan in 25 seconds.

CORS Misconfiguration — Security Glossary | Vezraa