🗓️ 13 Mar 2026  
An open redirect is a security vulnerability that occurs when a web application accepts untrusted input to redirect users to external URLs without proper validation. Attackers exploit open redirects by crafting links that appear legitimate but redirect unsuspecting users to malicious websites, often as part of phishing or malware distribution schemes. Because the redirect originates from a trusted domain, users are more likely to trust the link, increasing the risk of credential theft or malware infection. Proper input validation and whitelisting of allowed redirect destinations are essential to prevent open redirect vulnerabilities.
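The validation step described above, as an added example that is not code from this page: a redirect-target check that accepts only same-site paths or `https` URLs whose host exactly matches an allowlist, with a flawed prefix check beside it for contrast. The host names, the `ALLOWED_HOSTS` set and both function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical application.
ALLOWED_HOSTS = {"accounts.example.com", "help.example.com"}
DEFAULT_TARGET = "/"


def naive_is_allowed(raw):
    """Flawed check shown for contrast: a string prefix is not a host match."""
    return raw.startswith("https://accounts.example.com")


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is a same-site path or an allowlisted https URL,
    otherwise fall back to default."""
    if not isinstance(raw, str) or not raw or raw != raw.strip():
        return default
    # Browsers drop control characters and treat "\" like "/", so a value
    # containing either is rejected rather than normalised.
    if "\\" in raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return default
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: exactly one leading "/" keeps it on this site.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return default
    # Absolute target: https, no userinfo, default port, exact host match.
    if parts.scheme != "https" or "@" in parts.netloc or port not in (None, 443):
        return default
    return raw if host in allowed_hosts else default
```

The handler passes the returned value to its redirect response, so a rejected parameter sends the user to the default page instead of the supplied URL.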