CVE-2026-33149
Received Received - Intake
Host Header Injection in Tandoor Recipes Enables Invite Link Hijacking

Publication date: 2026-03-26

Last updated on: 2026-04-23

Assigner: GitHub, Inc.

Description
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the application with a crafted Host header can manipulate all server-generated absolute URLs. The most critical impact is invite link poisoning: when an admin creates an invite and the application sends the invite email, the link points to the attacker's server instead of the real application. When the victim clicks the link, the invite token is sent to the attacker, who can then use it at the real application. As of time of publication, it is unknown if a patched version is available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33149
EUVD
EUVD-2026-16313
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tandoor recipes to 2.5.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-644 The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33149 is a Host Header Injection vulnerability in the Tandoor Recipes application, specifically affecting version 2.5.3. The root cause is that the application sets Django's ALLOWED_HOSTS configuration to '*', which disables validation of the HTTP Host header. This means the server accepts any Host header value sent in requests.

The application uses Django's request.build_absolute_uri() method to generate absolute URLs in various contexts such as invite link emails, API pagination, and OpenAPI schema generation. Because the Host header is not validated, an attacker can send requests with a crafted Host header to manipulate these generated URLs.

The most critical impact is invite link poisoning: when an admin creates an invite, the invite email contains a link that points to the attacker's server instead of the real application. If a victim clicks this link, the invite token is sent to the attacker, who can then use it to hijack account provisioning on the legitimate server.

Impact Analysis

This vulnerability can have serious security impacts including unauthorized access and manipulation of user account invitations.

  • Invite link poisoning allows attackers to intercept invite tokens by sending victims links pointing to attacker-controlled domains.
  • Attackers can use stolen invite tokens to hijack account provisioning on the legitimate application.
  • In environments using caching proxies, a single poisoned request can corrupt cached responses for all users, amplifying the attack's reach.
  • The vulnerability compromises confidentiality and integrity by allowing attackers to gain unauthorized access and manipulate sensitive tokens.
Detection Guidance

This vulnerability can be detected by sending HTTP requests to the Tandoor Recipes application with a forged Host header and observing if the server accepts it without validation.

You can test this by crafting requests with different Host headers and checking if the application-generated URLs (such as invite links, API pagination URLs, or OpenAPI schema URLs) reflect the attacker-controlled Host header.

  • Use curl to send a request with a custom Host header, for example: curl -H "Host: attacker.com" http://your-tandoor-recipes-server/
  • Check API pagination responses for next and previous URLs containing the forged Host header.
  • Request the OpenAPI schema endpoint and verify if the server URLs include the attacker-controlled Host.
  • Trigger an invite email by sending an invite request with a poisoned Host header and verify if the invite link in the email points to the attacker domain.
Mitigation Strategies

The immediate mitigation step is to properly configure the Django ALLOWED_HOSTS setting to restrict accepted Host headers to trusted domain names instead of using the wildcard '*'.

By setting ALLOWED_HOSTS to a list of valid hostnames, the application will reject requests with unrecognized Host headers, preventing Host header injection.

Additionally, monitor and audit invite emails and API responses to ensure that generated URLs use only trusted hosts.

Since no patched version is available at the time of reporting, configuration changes are the primary defense.

Compliance Impact

The vulnerability allows an attacker to hijack invite tokens by poisoning invite links sent via email, leading to unauthorized access and compromise of user account security.

Such unauthorized access and compromise of confidentiality and integrity of user data can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33149. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart