CVE-2026-55202 – Tinyproxy – Stathost Detection Bypass via Host Header Manipulation

CVE ID :CVE-2026-55202

Published : June 17, 2026, 7:13 p.m. | 28 minutes ago

Description :Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger unauthorized access to internal proxy statistics or misroute requests as transparent proxy connections to circumvent access controls.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…