Caido Improper Link Handling in Markdown Renderer Vulnerability Allowing Phishing Attacks

Vulnerability

Before version 0.53.0, Caido's web security auditing toolkit did not properly handle user-supplied Markdown on the Findings page: attacker-controlled links were rendered without verification. A user opening a finding generated by the scanner or another plugin could inadvertently click such an injected link, which would send the Caido application to an attacker-controlled domain and facilitate phishing-style attacks. The issue has been patched in version 0.53.0.
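The defensive pattern the fix implies is a policy check on every link target before it is rendered as clickable. The following is an added example, not Caido's code: it walks inline Markdown links in a finding, parses each target with the WHATWG URL API, and only leaves a link clickable when its scheme and host pass the policy; the policy values, helper names and sample finding are assumptions constructed for the demonstration.

```javascript
// Added example (not Caido's code): refuse to render user-supplied Markdown
// links whose targets fail a policy check, keeping the text visible instead.
const LINK_RE = /\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;

// Constructed policy: only http(s) is renderable, and only these hosts are
// trusted enough to become a clickable link inside the finding.
const DEFAULT_POLICY = {
  allowedProtocols: new Set(["http:", "https:"]),
  trustedHosts: new Set(["example.internal", "docs.example.internal"]),
};

// Returns "allow", "untrusted" (well-formed but foreign host) or "reject"
// (relative, malformed, disallowed scheme, or embedded credentials).
function classifyTarget(rawUrl, policy = DEFAULT_POLICY) {
  let url;
  try {
    url = new URL(rawUrl); // relative and malformed targets throw here
  } catch {
    return "reject";
  }
  if (!policy.allowedProtocols.has(url.protocol)) return "reject";
  if (url.username || url.password) return "reject"; // trusted@evil tricks
  return policy.trustedHosts.has(url.hostname) ? "allow" : "untrusted";
}

// Rewrites the Markdown so that only policy-approved links survive as links.
// Untrusted targets keep their visible text plus the target shown as inert
// code, so a reviewer can still see where the finding tried to send them.
function sanitizeMarkdownLinks(markdown, policy = DEFAULT_POLICY) {
  const report = [];
  const rendered = markdown.replace(LINK_RE, (match, text, target) => {
    const verdict = classifyTarget(target, policy);
    report.push({ target, verdict });
    if (verdict === "allow") return match;
    return verdict === "untrusted" ? `${text} (external: \`${target}\`)` : text;
  });
  return { rendered, report };
}

// Constructed sample finding text as a plugin might emit it.
const SAMPLE_FINDING =
  "[Docs](https://docs.example.internal/guide) vs [Login](https://login.example.test/) " +
  "vs [Local](file:///tmp/notes) vs [Rel](/findings/1)";
```

The `report` array is what a defender would log: each rejected or untrusted target is evidence of a plugin or scanner output trying to steer the user somewhere the policy does not trust.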

Impact

Exploitation of this vulnerability could lead to phishing attacks, where users are redirected to malicious domains controlled by an attacker.

Remediation

Upgrade to Caido version 0.53.0 or later to address this vulnerability.

Added: Nov 26, 2025, 3:18 AM
Updated: Nov 26, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.