Browse all 5 CVE security advisories affecting caido. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Caido serves as an API security testing platform designed to identify vulnerabilities in web applications and APIs. Historically, it has been associated with common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The tool has recorded five CVEs, primarily related to improper input validation and insecure default configurations. While no major security incidents have been widely documented, its vulnerability history suggests a need for careful implementation and regular updates. Caido's core functionality focuses on automated security scanning, though users should remain vigilant about potential misconfigurations that could introduce security risks during deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24853 | Caido has an insufficient patch for DNS rebind leading to RCE — caidoCWE-290 | 8.1 | High | 2026-02-13 |
| CVE-2025-66025 | Caido Improperly Handles External Links in Markdown — caidoCWE-74 | 4.3 | Medium | 2025-11-26 |
| CVE-2025-53834 | Caido Toast Vulnerable to Reflected Cross-site Scripting — caidoCWE-79 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-49004 | Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE — caidoCWE-290 | 7.5 | High | 2025-06-09 |
| CVE-2025-23039 | Cross Site Scripting on URL decode Tooltip in Caido — caidoCWE-79 | 5.2 | Medium | 2025-01-17 |
This page lists every published CVE security advisory associated with caido. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.