{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24853", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-27T14:51:03.061Z", "datePublished": "2026-02-13T22:19:47.142Z", "dateUpdated": "2026-02-17T15:08:07.180Z"}, "containers": {"cna": {"title": "Caido has an insufficient patch for DNS rebind leading to RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "lang": "en", "description": "CWE-290: Authentication Bypass by Spoofing", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/caido/caido/security/advisories/GHSA-3q5q-p8vj-8783", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/caido/caido/security/advisories/GHSA-3q5q-p8vj-8783"}], "affected": [{"vendor": "caido", "product": "caido", "versions": [{"version": "< 0.55.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T22:19:47.142Z"}, "descriptions": [{"lang": "en", "value": "Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0."}], "source": {"advisory": "GHSA-3q5q-p8vj-8783", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T15:07:30.247005Z", "id": "CVE-2026-24853", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T15:08:07.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24853", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-17T15:07:30.247005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T15:08:02.885Z"}}], "cna": {"title": "Caido has an insufficient patch for DNS rebind leading to RCE", "source": {"advisory": "GHSA-3q5q-p8vj-8783", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "caido", "product": "caido", "versions": [{"status": "affected", "version": "< 0.55.0"}]}], "references": [{"url": "https://github.com/caido/caido/security/advisories/GHSA-3q5q-p8vj-8783", "name": "https://github.com/caido/caido/security/advisories/GHSA-3q5q-p8vj-8783", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T22:19:47.142Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24853", "state": "PUBLISHED", "dateUpdated": "2026-02-17T15:08:07.180Z", "dateReserved": "2026-01-27T14:51:03.061Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-13T22:19:47.142Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:caido:caido:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F383B1E-8E9B-445B-8BDD-00C22BACA524", "versionEndExcluding": "0.55.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0."}, {"lang": "es", "value": "Caido es un kit de herramientas de auditor\u00eda de seguridad web. Antes de la versi\u00f3n 0.55.0, Caido bloquea los dominios no incluidos en la lista blanca para acceder a trav\u00e9s del puerto 8080, y muestra 'Host/IP no tiene permiso para conectarse a Caido' en todos los puntos finales. Pero esto es eludible inyectando una cabecera X-Forwarded-Host: 127.0.0.1:8080. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.55.0."}], "id": "CVE-2026-24853", "lastModified": "2026-02-24T20:32:18.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-13T23:16:11.800", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/caido/caido/security/advisories/GHSA-3q5q-p8vj-8783"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.55.0)"}}], "product": "caido", "vendor": "caido"}], "analysis": {"en": {"generated_at": "2026-04-18T18:07:12.961828+00:00", "value": {"mitigation_remediation": ["Upgrade Caido to version 0.55.0 or later", "Disable or strictly validate X-Forwarded-Host headers from untrusted clients", "Restrict inbound access to Caido 8080 port to trusted IP ranges"], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "Caido, versions earlier than 0.55.0, shipping with the 8080\u2011port domain\u2011whitelisting logic. All releases before 0.55.0 are vulnerable.", "description_and_impact": "The flaw occurs when an attacker sends a request containing an X-Forwarded-Host header set to 127.0.0.1:8080. Caido\u2019s 8080 service checks for non-whitelisted domains, but this header bypasses that check, making the request appear to originate from localhost. The result is that an attacker can use the service as if they were an internal client, potentially exposing functionality or data that should only be available to trusted internal traffic. The weakness is an authentication bypass (CWE\u2011290).", "risk_and_exploitability": "CVSS score of 8.1 indicates high severity. EPSS score < 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV data. The bug is exploitable remotely by sending a crafted HTTP request with the X-Forwarded-Host header; no authentication is required. Attackers could connect to Caido as if from the loopback interface and gain access to restricted endpoints."}}}}, "created": "2026-02-16T12:03:23.811991+00:00", "updated": "2026-04-18T18:15:06.590906+00:00", "vendors": ["caido", "caido$PRODUCT$caido"]}