CVE-2026-1406
Open Redirect Vulnerability in BootDo Host Header Handler

Publication date: 2026-01-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in lcg0124 BootDo up to commit 5ccd963c74058036b466e038cff37de4056c1600. Affected is the function redirectToLogin of the file AccessControlFilter.java in the component Host Header Handler. Manipulation of the argument Hostname leads to an open redirect. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates, so specific version information for affected or updated releases is not available.
Meta Information
Published: 2026-01-25
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-01-25
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor: lcg0124 | Product: bootdo | Version / Range: to 5ccd963c74058036b466e038cff37de4056c1600 (exc)
Vendor: lcg0124 | Product: bootdo | Version / Range: 1.0
Exploitability
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1406 is a Host Header Injection vulnerability in the BootDo project, specifically in the redirectToLogin function of AccessControlFilter.java. The vulnerability occurs because the application uses the Host header from incoming HTTP requests without proper validation, allowing an attacker to manipulate this header to cause an open redirect. This means an attacker can redirect users to arbitrary external URLs, potentially facilitating phishing attacks and compromising the integrity of the application. Exploitation is remote and requires user interaction. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can impact you by enabling attackers to redirect users to malicious websites, which can be used for phishing attacks. It can also allow attackers to poison password-reset links, capture authentication tokens and credentials, escalate privileges within the application, and poison downstream caches. This compromises user trust, platform integrity, and may lead to unauthorized access or data exposure. [1, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending HTTP requests with manipulated Host headers to the affected BootDo system and observing if the application redirects to arbitrary external URLs. For example, you can use curl to send a request with a custom Host header and check the response for open redirects: curl -H "Host: attacker.com" -v http://target/endpoint. If the response redirects to the attacker.com domain or any unexpected domain, the system is vulnerable. Monitoring logs for unusual Host header values or unexpected redirects can also help detect exploitation attempts. [3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include configuring the web server to accept only a whitelist of known canonical hostnames and rejecting requests with unknown or mismatched Host headers by returning 400 or 404 errors. Additionally, avoid using client-supplied Host headers for redirects or password-reset links by hardcoding secure absolute URLs with HTTPS domains. Deploying reverse proxies or web application firewalls (WAFs) to overwrite and validate the Host header before requests reach the backend is also recommended to prevent exploitation. [3]
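The mitigation above (honour only an allowlist of canonical hostnames and never build the redirect from an unvalidated Host header) looks like the following in a servlet-style filter. This is an added example written for this page, not BootDo's own code or its actual fix; the class name, method names, the allowlisted hostnames and the return-to parameter are all assumptions, and the sample hostnames are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

/**
 * Added example (hypothetical names, not BootDo's code): building the login
 * redirect so that the client-supplied Host header can only select one of the
 * deployment's own canonical origins, never an arbitrary external host.
 */
public final class SafeLoginRedirect {

    // Hostnames this deployment really serves (constructed sample values).
    // Entries are compared exactly, including the port if one is present.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("app.example.com", "app.example.com:8443");

    // Used whenever the Host header is missing or not on the allowlist.
    private static final String CANONICAL_ORIGIN = "https://app.example.com";

    private SafeLoginRedirect() {}

    /**
     * Returns the origin (scheme + authority) for the redirect. The Host header
     * is honoured only on an exact, case-insensitive allowlist match; anything
     * else (unknown host, "evil.net@app.example.com", suffix tricks, empty
     * header) falls back to the canonical origin instead of being echoed back.
     */
    static String resolveOrigin(String hostHeader) {
        if (hostHeader == null || hostHeader.isBlank()) {
            return CANONICAL_ORIGIN;
        }
        String host = hostHeader.trim().toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) {
            return CANONICAL_ORIGIN;
        }
        return "https://" + host;
    }

    /**
     * Builds the Location header value for an unauthenticated request. The
     * optional return-to path is only appended when it is a same-origin path,
     * so it cannot smuggle a second host into the redirect target.
     */
    static String loginLocation(String hostHeader, String contextPath, String returnTo) {
        String base = resolveOrigin(hostHeader)
                + (contextPath == null ? "" : contextPath) + "/login";
        if (isSafeLocalPath(returnTo)) {
            return base + "?next=" + URLEncoder.encode(returnTo, StandardCharsets.UTF_8);
        }
        return base;
    }

    /**
     * Accepts only absolute paths on this origin. Rejects protocol-relative
     * forms ("//host"), backslash variants ("/\host") and anything that parses
     * with a scheme or authority of its own.
     */
    static boolean isSafeLocalPath(String path) {
        if (path == null || path.isEmpty() || path.charAt(0) != '/') {
            return false;
        }
        if (path.startsWith("//") || path.startsWith("/\\")) {
            return false;
        }
        try {
            URI parsed = new URI(path);
            return parsed.getScheme() == null && parsed.getAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // unparsable input is treated as unsafe
        }
    }

    public static void main(String[] args) {
        // Allowlisted host: the redirect stays on the requested canonical origin.
        System.out.println(loginLocation("app.example.com", "", "/admin/users"));
        // Unknown host in the Host header: ignored, canonical origin used instead.
        System.out.println(loginLocation("attacker.example", "", "/admin/users"));
        // Protocol-relative return path: dropped rather than appended.
        System.out.println(loginLocation("app.example.com", "", "//attacker.example/x"));
    }
}
```

In a real filter the value returned by loginLocation would be passed to response.sendRedirect; the point of the example is that the only way the Host header influences the redirect is by selecting one of the deployment's own origins, which is the allowlist behaviour the mitigation calls for.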

