CVE-2026-24489

Description

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing rn (CRLF), n (LF), or x00 (null byte) characters, an attacker could inject arbitrary HTTP headers into the request. The fix in version 0.1.1 adds a _sanitize_header() function that strips r, n, and x00 characters from both header names and values before they are included in HTTP requests.

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

Exploitation Probability

0.019

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2026-24489 are fixed in Python-gakido 0.1.1	Windows
Vulnerabilities CVE-2026-24489 are fixed in Python-gakido for linux 0.1.1	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234