216.73.216.215

CVE-2026-55202

· Published 17/06/2026 22:17 · Author: The MITRE Corporation

Labels: CVE-2026-55202 2026-06-17CVE-2026-55202CWE-290[email protected]

Essential information

Published
17/06/2026 22:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.2 HIGH (v3.1) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CWE-290
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS metrics

Description

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger unauthorized access to internal proxy statistics or misroute requests as transparent proxy connections to circumvent access controls.

NVD status

NVD
View on NVD