PT-2026-50530 · Tinyproxy · Tinyproxy
Tristan Madani · Published 2026-06-17 · Updated 2026-06-17 · CVE-2026-55202
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Tinyproxy versions prior to 1.11.3 commit 09312a1
Description
Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing detection through port manipulation. This can lead to unauthorized access to internal proxy statistics or the misrouting of requests as transparent proxy connections to circumvent access controls.
Recommendations
Update to the version containing commit 09312a1.
Fix
Authentication Bypass by Spoofing
HTTP Request/Response Smuggling
Related Identifiers
Affected Products
Tinyproxy