Skip to main content

Python CVE-2026-33149

| EUVDEUVD-2026-16313 HIGH
Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)
2026-03-26 GitHub_M
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:23 vuln.today
cvss_changed
EUVD ID Assigned
Mar 26, 2026 - 19:16 euvd
EUVD-2026-16313
Analysis Generated
Mar 26, 2026 - 19:16 vuln.today
CVE Published
Mar 26, 2026 - 18:53 nvd
HIGH 8.1

DescriptionGitHub Advisory

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the application with a crafted Host header can manipulate all server-generated absolute URLs. The most critical impact is invite link poisoning: when an admin creates an invite and the application sends the invite email, the link points to the attacker's server instead of the real application. When the victim clicks the link, the invite token is sent to the attacker, who can then use it at the real application. As of time of publication, it is unknown if a patched version is available.

AnalysisAI

Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.

Technical ContextAI

The vulnerability stems from CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) in Tandoor Recipes, a Python-based Django web application for recipe management (CPE: cpe:2.3:a:tandoorrecipes:recipes:*:*:*:*:*:*:*:*). Django's ALLOWED_HOSTS setting acts as a security control to validate the Host header in HTTP requests, preventing Host header injection attacks. When set to the wildcard '*', Django accepts any Host header value without validation. The application uses Django's request.build_absolute_uri() method to construct absolute URLs, which incorporates the Host header value. This affects multiple application contexts: invite link generation in email notifications, API pagination URLs, and OpenAPI schema generation. An attacker can craft malicious Host headers that propagate through these URL construction mechanisms, causing the application to generate URLs pointing to attacker-controlled domains instead of the legitimate application server.

RemediationAI

As of the publication date, patched version availability is unknown per the CVE description. Organizations should monitor the vendor security advisory at https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-x636-4jx6-xc4w for patch release announcements. As an interim mitigation, modify the Django configuration to set ALLOWED_HOSTS to an explicit list of legitimate domain names and IP addresses instead of the wildcard '*' value, ensuring only trusted Host header values are accepted. Deploy the application behind a reverse proxy (nginx, Apache, or cloud load balancer) configured to validate and normalize the Host header before forwarding requests to the Django application. Implement additional email security controls such as adding warning banners to invite emails that display the full URL and educating administrators to verify link destinations before clicking. Restrict invite creation permissions to the minimum necessary administrator accounts and implement audit logging for all invite generation activities. Consider implementing URL allowlisting in email templates to detect and block generation of invite links pointing to non-organizational domains.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-33149 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy