PT-2026-8042 · Caido · Caido

Bhavya32 · Published 2026-02-13 · Updated 2026-02-14

CVE-2026-24853 · CVSS v3.1 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Caido versions prior to 0.55.0

Description: Caido is a web security auditing toolkit. Prior to version 0.55.0, it blocks connections on port 8080 from non-whitelisted domains and shows a message that the Host/IP is not allowed to connect. This restriction can be bypassed by injecting an X-Forwarded-Host: 127.0.0.1:8080 header: the port-8080 check trusts that header, so the protection is circumvented. The bypass can lead to remote code execution. All endpoints are affected.

Recommendations: Update Caido to version 0.55.0 or later.
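As an added illustration (not Caido's code), the hypothetical host-allowlist check below contrasts the flawed pattern the advisory describes, where a client-supplied X-Forwarded-Host decides the effective host, with a hardened form that consults only Host, plus a detection predicate for requests carrying a loopback X-Forwarded-Host; the allowlist, function names and sample request are assumptions.

```python
from typing import Dict

# Assumed allowlist for a listener meant to accept only local clients (hypothetical, not Caido's).
ALLOWED_HOSTS = {"127.0.0.1:8080", "localhost:8080"}
LOOPBACK_PREFIXES = ("127.", "localhost")

def parse_headers(raw_request: str) -> Dict[str, str]:
    """Parse the header block of an HTTP/1.1 request into a lower-cased dict.
    A duplicate header name overwrites the earlier value, as many simple parsers do."""
    headers: Dict[str, str] = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def weak_host_check(headers: Dict[str, str]) -> bool:
    """Flawed pattern: X-Forwarded-Host, when present, replaces Host as the
    effective host, so any client can name the loopback and pass the allowlist."""
    effective = headers.get("x-forwarded-host") or headers.get("host", "")
    return effective.lower() in ALLOWED_HOSTS

def strict_host_check(headers: Dict[str, str]) -> bool:
    """Hardened pattern: only Host is consulted. X-Forwarded-* headers are plain client
    input unless a trusted reverse proxy in front of the listener sets or strips them;
    this listener has no such proxy, so they are ignored entirely."""
    host = headers.get("host")
    return host is not None and host.lower() in ALLOWED_HOSTS

def forwarded_host_spoof_indicator(headers: Dict[str, str]) -> bool:
    """Detection: flag a request whose X-Forwarded-Host names the loopback while the
    real Host does not; useful for alerting on attempts against unpatched builds."""
    xfh = headers.get("x-forwarded-host", "").lower()
    host = headers.get("host", "").lower()
    return xfh.startswith(LOOPBACK_PREFIXES) and not host.startswith(LOOPBACK_PREFIXES)

# Constructed sample request carrying the header named in the advisory (not a real capture).
SAMPLE_REQUEST = (
    "GET /api/status HTTP/1.1\r\n"
    "Host: untrusted.example:8080\r\n"
    "X-Forwarded-Host: 127.0.0.1:8080\r\n"
    "\r\n"
)

if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_REQUEST)
    print("weak check passes:", weak_host_check(hdrs))      # True: allowlist bypassed
    print("strict check passes:", strict_host_check(hdrs))  # False: request rejected
    print("spoof indicator:", forwarded_host_spoof_indicator(hdrs))  # True
```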

Tags: Exploit, Fix, RCE

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers: CVE-2026-24853, GHSA-3Q5Q-P8VJ-8783

Affected Products: Caido