Description
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper header handling enabling DNS rebinding, inferred potential for authorization bypass
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in ericc-ch's copilot-api and affects the Header Handler component up to version 0.7.0. A flaw in the /token endpoint allows manipulation of the Host HTTP header, causing the service to perform reverse DNS resolution on the supplied host. Because the API does not validate or restrict this header, an attacker can supply a crafted host value that maps back to the target system, potentially bypassing authentication checks or executing unintended paths (inferred). The weakness is classified as CWE-350 (Reliance on Reverse DNS Resolution for a Security-Critical Action), which in this context points to insufficient authentication or authorization controls (inferred).

Affected Systems

Affected systems include any installations of ericc-ch copilot-api running version 0.7.0 or earlier. The specific location is the Header Handler's handling of the /token route, where the Host header is processed. No other vendors or products are listed as impacted.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.3, placing it in the moderate severity range. The EPSS score is below 1%, suggesting that the likelihood of exploitation is currently low, and the vulnerability is not listed in CISA's KEV catalog. However, the attack can be conducted remotely simply by sending a crafted HTTP request to the service, and the exploit has been publicly disclosed. While the immediate risk is moderate, the lack of official vendor remediation means that organizations should treat this as a potential vector for unauthorized access (inferred) until a patch is released.

Generated by OpenCVE AI on April 28, 2026 at 20:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ericc-ch copilot-api to the latest release that addresses the Host header validation flaw; if no new release is available, apply the developer-provided patch or modify the source code to enforce stricter validation.
  • Configure the API service to accept only Host headers that match a predefined whitelist of allowed domains or IP addresses, effectively blocking arbitrary DNS rebinding attempts.
  • Enable logging of incoming Host header values and monitor for unexpected or suspicious entries, alerting administrators to potential misuse.
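As an added illustration of the second and third actions above (this is not code from copilot-api, whose actual Host handling is not shown on this page): a Host header check that decides by string comparison against a static allow-list, with no forward or reverse DNS lookup, and emits a structured record for rejected values so they can be monitored. The allow-list entries and the log record shape are assumptions.

```typescript
// Added example: static Host header allow-list with rejection logging.
// Assumptions: the service should only be reached via the names/addresses
// in ALLOWED_HOSTS (constructed); the log record shape is invented here.

interface HostDecision {
  allowed: boolean;
  normalized: string | null; // host with port removed, lower-cased
  reason: string;
}

// Parse "host[:port]" or "[v6]:port" and return the lower-cased host part.
// Returns null when the header is missing or malformed.
function normalizeHost(header: string | undefined): string | null {
  if (!header) return null;
  const value = header.trim().toLowerCase();
  if (value.startsWith("[")) {
    // Bracketed IPv6 literal, optionally followed by :port; brackets are kept.
    const end = value.indexOf("]");
    if (end === -1) return null;
    const rest = value.slice(end + 1);
    if (rest !== "" && !/^:\d{1,5}$/.test(rest)) return null;
    return value.slice(0, end + 1);
  }
  // Hostname or IPv4 with at most one ":port" suffix.
  const parts = value.split(":");
  if (parts.length > 2) return null;
  if (parts.length === 2 && !/^\d{1,5}$/.test(parts[1])) return null;
  const host = parts[0];
  // Conservative hostname/IPv4 character set; rejects spaces, slashes, etc.
  if (!/^[a-z0-9.-]+$/.test(host)) return null;
  return host;
}

// Decide purely by comparison with the allow-list: no DNS resolution is
// involved, so a name that resolves to this machine does not get trusted.
function checkHost(header: string | undefined, allowList: readonly string[]): HostDecision {
  const normalized = normalizeHost(header);
  if (normalized === null) {
    return { allowed: false, normalized, reason: "missing or malformed Host header" };
  }
  const allowed = allowList.map((h) => h.toLowerCase()).includes(normalized);
  return { allowed, normalized, reason: allowed ? "allow-listed" : "not in allow-list" };
}

// Structured log line for rejected requests (the monitoring action above).
function rejectionLog(decision: HostDecision, rawHeader: string | undefined): string | null {
  if (decision.allowed) return null;
  return JSON.stringify({ event: "host_header_rejected", host: rawHeader ?? null, reason: decision.reason });
}

const ALLOWED_HOSTS = ["localhost", "127.0.0.1", "[::1]"]; // constructed allow-list
```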



Advisories

Source       ID                    Title
Github GHSA  GHSA-3vr4-cvmg-7fx4   copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action
History

Tue, 28 Apr 2026 00:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Ericc-ch
                                      Ericc-ch copilot-api
Vendors & Products                    Ericc-ch
                                      Ericc-ch copilot-api

Thu, 23 Apr 2026 15:30:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 00:00:00 +0000

Type                 Values Removed   Values Added
Description                           A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title                                 ericc-ch copilot-api Header token dns rebinding
Weaknesses                            CWE-350
References
Metrics                               cvssV2_0
                                      {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
                                      cvssV3_0
                                      {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
                                      cvssV3_1
                                      {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
                                      cvssV4_0
                                      {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-23T14:32:39.599Z

Reserved: 2026-04-22T18:20:59.444Z

Link: CVE-2026-6874

Vulnrichment

Updated: 2026-04-23T14:32:34.904Z

NVD

Status: Deferred

Published: 2026-04-23T00:16:47.050

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6874

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:45:16Z

Weaknesses