Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 20.90.134.32:443 · api-staging.corpfinhub.co.uk
2026-01-22 19:46
HTTP/1.1 301 Moved Permanently Content-Length: 203 Connection: close Content-Type: text/html; charset=utf-8 Date: Thu, 22 Jan 2026 19:46:55 GMT Location: /swagger x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Page title: Redirecting... <!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/swagger">/swagger</a>. If not, click the link.
Open service 20.90.134.32:80 · api-staging.corpfinhub.co.uk
2026-01-12 02:23
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 02:24:55 GMT Location: https://api-staging.corpfinhub.co.uk/
Open service 20.90.134.32:443 · api-staging.corpfinhub.co.uk
2026-01-12 02:23
HTTP/1.1 301 Moved Permanently Content-Length: 203 Connection: close Content-Type: text/html; charset=utf-8 Date: Mon, 12 Jan 2026 02:24:56 GMT Location: /swagger x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 Page title: Redirecting... <!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/swagger">/swagger</a>. If not, click the link.