CVE-2026-24489
- Source
- https://cve.org/CVERecord?id=CVE-2026-24489
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24489.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24489
- Aliases
- Published
- 2026-01-27T00:36:34.230Z
- Modified
- 2026-03-14T12:47:23.169292Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Gakido vulnerable to HTTP Header Injection (CRLF Injection)
- Details
-
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing
\r\n(CRLF),\n(LF), or\x00(null byte) characters, an attacker could inject arbitrary HTTP headers into the request. The fix in version 0.1.1 adds a_sanitize_header()function that strips\r,\n, and\x00characters from both header names and values before they are included in HTTP requests. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-113", "CWE-93" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24489.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24489.json
- https://github.com/HappyHackingSpace/gakido/commit/369c67e67c63da510c8a9ab021e54a92ccf1f788
- https://github.com/HappyHackingSpace/gakido/releases/tag/v0.1.1-1bc6019
- https://github.com/HappyHackingSpace/gakido/security/advisories/GHSA-gcgx-chcp-hxp9
- https://nvd.nist.gov/vuln/detail/CVE-2026-24489
Affected packages
Git / github.com/happyhackingspace/gakido
Affected ranges
- Type
- GIT
- Repo
- https://github.com/happyhackingspace/gakido
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/happyhackingspace/gakido
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.0-091188b
v0.1.0-11f0ed2
v0.1.0-13c572d
v0.1.0-15916b0
v0.1.0-18be506
v0.1.0-369c67e
v0.1.0-38ee5f8
v0.1.0-46b4304
v0.1.0-470e40c
v0.1.0-47c1040
v0.1.0-4b6e080
v0.1.0-5366b10
v0.1.0-574b8b1
v0.1.0-582b43a
v0.1.0-5a7009f
v0.1.0-5aef8b6
v0.1.0-5f84a6f
v0.1.0-6eea6e1
v0.1.0-791966b
v0.1.0-809a36b
v0.1.0-8613d08
v0.1.0-86a3b24
v0.1.0-899e446
v0.1.0-94da985
v0.1.0-b34c0e5
v0.1.0-d1de12f
v0.1.0-da0fb78
v0.1.0-e72033f
v0.1.0-f565604
v0.1.0-fb1dac1
v0.1.1