3 matches found
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching out through port 8080 and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853
CVE-2026-24853 affects Caido before version 0.55.0. The issue allows bypassing domain-based access controls on the 8080 port by injecting an X-Forwarded-Host header (127.0.0.1:8080). Multiple sources confirm the vulnerability exists in Caido up to 0.54.x and was fixed in 0.55.0. Impact details in...
caido security vulnerability
caido is an open source application from Caido, designed to help security professionals and enthusiasts audit web applications efficiently and easily. A security vulnerability exists in caido versions prior to 0.48.0 that stems from a lack of DNS rebinding protection and could lead to remote...