Description
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0.
Published: 2026-02-13
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

The flaw occurs when an attacker sends a request containing an X-Forwarded-Host header set to 127.0.0.1:8080. Caido’s 8080 service checks for non-whitelisted domains, but this header bypasses that check, making the request appear to originate from localhost. The result is that an attacker can use the service as if they were an internal client, potentially exposing functionality or data that should only be available to trusted internal traffic. The weakness is an authentication bypass (CWE‑290).

Affected Systems

Caido, versions earlier than 0.55.0, shipping with the 8080‑port domain‑whitelisting logic. All releases before 0.55.0 are vulnerable.

Risk and Exploitability

CVSS score of 8.1 indicates high severity. EPSS score < 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV data. The bug is exploitable remotely by sending a crafted HTTP request with the X-Forwarded-Host header; no authentication is required. Attackers could connect to Caido as if from the loopback interface and gain access to restricted endpoints.

Generated by OpenCVE AI on April 18, 2026 at 18:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Caido to version 0.55.0 or later
  • Disable or strictly validate X-Forwarded-Host headers from untrusted clients
  • Restrict inbound access to Caido 8080 port to trusted IP ranges

Generated by OpenCVE AI on April 18, 2026 at 18:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:caido:caido:*:*:*:*:*:*:*:*

Tue, 17 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Caido
Caido caido
Vendors & Products Caido
Caido caido

Fri, 13 Feb 2026 22:45:00 +0000

Type Values Removed Values Added
Description Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0.
Title Caido has an insufficient patch for DNS rebind leading to RCE
Weaknesses CWE-290
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Caido Caido
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-17T15:08:07.180Z

Reserved: 2026-01-27T14:51:03.061Z

Link: CVE-2026-24853

cve-icon Vulnrichment

Updated: 2026-02-17T15:08:02.885Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-13T23:16:11.800

Modified: 2026-02-24T20:32:18.710

Link: CVE-2026-24853

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses