Description

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP requests with user-controlled header values containing `\r\n` (CRLF), `\n` (LF), or `\x00` (null byte) characters, an attacker could inject arbitrary HTTP headers into the request. The fix in version 0.1.1 adds a `_sanitize_header()` function that strips `\r`, `\n`, and `\x00` characters from both header names and values before they are included in HTTP requests.

INFO

Published Date :

2026-01-27T00:36:34.230Z

Last Modified :

2026-01-27T14:46:42.530Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24489 vulnerability.

Vendors Products
Happyhackingspace
  • Gakido
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24489.

URL Resource
https://github.com/HappyHackingSpace/gakido/commit/369c67e67c63da510c8a9ab021e54a92ccf1f788 cve-icon cve-icon
https://github.com/HappyHackingSpace/gakido/releases/tag/v0.1.1-1bc6019 cve-icon cve-icon
https://github.com/HappyHackingSpace/gakido/security/advisories/GHSA-gcgx-chcp-hxp9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact