CVE-2026-24853

HIGH
2026-02-13 [email protected]
Authentication Bypass Caido
8.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 13, 2026 - 23:16 nvd
HIGH 8.1

DescriptionNVD

Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0.

AnalysisAI

Caido versions prior to 0.55.0 can be bypassed using a crafted X-Forwarded-Host header to circumvent domain whitelist restrictions, allowing unauthenticated remote attackers to reach non-whitelisted domains through port 8080. This vulnerability affects all users of the web security auditing toolkit and could enable attackers to exfiltrate data or attack internal systems. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all Caido instances in your environment and document their versions and network locations. Within 7 days: Implement network segmentation to restrict outbound connections from Caido systems to only authorized destinations; enable logging and monitoring of all port 8080 traffic from Caido. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-24853 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy