
CVE-2026-24853 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: February 13, 2026

Caido - Host Header Injection

Published: February 13, 2026 | Updated: February 13, 2026 | Remote Exploitable

Overview

Caido < 0.55.0 contains a host header injection caused by improper validation of the X-Forwarded-Host header, which lets attackers bypass the domain whitelist and connect to restricted ports. Exploitation requires sending a crafted header.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 4.1% (Probability of exploitation in next 30 days)

Impact

Attackers can bypass domain restrictions to connect to restricted ports, potentially accessing unauthorized services.

Mitigation

Update to version 0.55.0 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 13, 2026

🟠 CVE-2026-24853 - High (8.1) Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forw... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24853/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-24853
Severity: High
CVSS Score: 8.1
Type: host_header_injection
Status: new
EPSS: 4.1%
Social Posts: 1

CWE

  • CWE-290

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1% (Probability of exploitation in the next 30 days)