CVE-2026-24489

Date: January 26, 2026

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing "\r\n" (CRLF), "\n" (LF), or "\x00" (null byte) characters, an attacker could inject arbitrary HTTP headers into the request. The fix in version 0.1.1 adds a "_sanitize_header()" function that strips "\r", "\n", and "\x00" characters from both header names and values before they are included in HTTP requests.
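The effect of the sanitization described above, as an added example that is not Gakido's source code: `build_request()` is a hypothetical minimal HTTP/1.1 serializer, `sanitize_header()` only mirrors the stripping behaviour the advisory describes, and the header values are constructed sample data.

```python
# Added illustration, not Gakido's code. All names here are hypothetical.
_FORBIDDEN = str.maketrans("", "", "\r\n\x00")  # CR, LF, NUL


def sanitize_header(text: str) -> str:
    """Strip CR, LF and NUL, as the advisory says the 0.1.1 fix does."""
    return text.translate(_FORBIDDEN)


def build_request(host: str, path: str, headers: dict, sanitize: bool) -> bytes:
    """Serialize a GET request; with sanitize=False values are written as-is."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    for name, value in headers.items():
        if sanitize:
            name, value = sanitize_header(name), sanitize_header(value)
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_lines(raw: bytes) -> list:
    """Return the header lines a receiving parser would see (request line dropped)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.split(b"\r\n")[1:]


def has_control_chars(headers: dict) -> list:
    """Caller-side check: names of headers carrying CR, LF or NUL in name or value."""
    return [n for n, v in headers.items() if any(c in "\r\n\x00" for c in n + v)]


# Constructed sample: one caller-supplied value carries an embedded CRLF.
SAMPLE = {"X-Request-Id": "abc123\r\nX-Injected: yes", "Accept": "*/*"}

if __name__ == "__main__":
    for mode in (False, True):
        print(f"sanitize={mode}")
        for line in header_lines(build_request("example.test", "/", SAMPLE, mode)):
            print("   ", line.decode("latin-1"))
    print("flagged:", has_control_chars(SAMPLE))
```

Stripping folds the injected text into the original value instead of creating a new header line; code that accepts header input from untrusted sources can use a check like `has_control_chars()` to reject such input outright.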

Severity Score

Weakness Type (CWE)

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-113

Improper Neutralization of CRLF Sequences ('CRLF Injection')

CWE-93

Top Fix

Upgrade Version

Upgrade to version gakido - 0.1.1; https://github.com/HappyHackingSpace/gakido.git - v0.1.0-369c67e

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE
