CVE-2026-33149: CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax in TandoorRecipes recipes
CVE-2026-33149 is a high-severity vulnerability in Tandoor Recipes (versions up to 2.5.3) caused by improper validation of the HTTP Host header due to ALLOWED_HOSTS being set to '*'. This allows attackers to craft malicious Host headers that manipulate server-generated absolute URLs, including invite links sent via email. The primary risk is invite link poisoning, where an attacker can redirect invite tokens to their own server, potentially gaining unauthorized access by using stolen tokens on the real application. Exploitation requires the attacker to send crafted requests and trick an admin into sending invites. The vulnerability impacts confidentiality and integrity but does not affect availability. No known exploits are currently reported, and no patch is confirmed available yet. Organizations using Tandoor Recipes should urgently review their configurations and monitor for suspicious invite activity.
AI Analysis
Technical Summary
CVE-2026-33149 affects Tandoor Recipes, an application for recipe management, meal planning, and shopping list creation. Versions up to and including 2.5.3 have a critical security flaw stemming from the Django framework setting ALLOWED_HOSTS to '*' by default, which disables validation of the HTTP Host header. This misconfiguration allows an attacker to supply arbitrary Host header values in HTTP requests. The application uses Django's request.build_absolute_uri() method to generate absolute URLs in various contexts such as invite link emails, API pagination, and OpenAPI schema generation. Because the Host header is not validated, these URLs can be manipulated to point to attacker-controlled domains. The most severe consequence is invite link poisoning: when an administrator creates an invite, the generated email contains a link with the attacker’s domain instead of the legitimate application URL. If the invitee clicks this link, the invite token is sent to the attacker, who can then use it to gain unauthorized access to the real application. This vulnerability is categorized under CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax), highlighting the failure to properly sanitize or validate HTTP headers. The CVSS 3.1 base score is 8.1 (high), reflecting network attack vector, low attack complexity, high privileges required, user interaction needed, and a scope change with high confidentiality and integrity impacts but no availability impact. No patches or fixes are currently documented, and no active exploits have been reported in the wild as of publication.
Potential Impact
The vulnerability primarily threatens the confidentiality and integrity of user data and application access controls. By poisoning invite links, attackers can intercept invite tokens, allowing them to impersonate legitimate users or gain unauthorized access to the application. This can lead to unauthorized data exposure, manipulation of user accounts, and potential lateral movement within an organization’s environment. Since the vulnerability affects the generation of absolute URLs used in emails and APIs, it can also undermine user trust and facilitate phishing or social engineering attacks. The attack requires an attacker to send crafted requests and rely on an administrator to send invites, which limits the attack surface but does not eliminate the risk in environments where invites are frequently used. Organizations relying on Tandoor Recipes for internal or external user management face significant risk of account compromise and data leakage if unmitigated. The lack of a patch increases exposure time, making timely mitigation critical.
Mitigation Recommendations
Organizations should immediately review and update the ALLOWED_HOSTS setting in their Tandoor Recipes deployment to explicitly list trusted hostnames instead of using '*'. This change enforces proper validation of the Host header and prevents arbitrary URL generation. Until a patch is available, administrators should avoid sending invite emails or disable invite functionality if feasible. Monitoring email logs and invite token usage for anomalies can help detect exploitation attempts. Implementing additional validation on invite tokens and restricting their usage by IP or time can reduce risk. Network-level protections such as Web Application Firewalls (WAFs) can be configured to block suspicious Host headers. Educating administrators about the risk of clicking unexpected invite links and verifying URLs before use is also important. Organizations should track vendor updates for official patches and apply them promptly once released. Finally, consider isolating the Tandoor Recipes application behind reverse proxies that enforce strict host header validation.
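The following Python example is added to this advisory to illustrate both the root cause described in the Technical Summary (absolute URLs built from an unvalidated Host header) and the core mitigation above (an explicit ALLOWED_HOSTS allowlist). It is not Tandoor's or Django's code: the host-matching rules are a re-implementation modelled on Django's ALLOWED_HOSTS semantics (exact match, leading-dot wildcard, '*'), the log lines, hostnames, paths and the allowlist values are all constructed, and build_absolute_uri here is a stand-in for request.build_absolute_uri(). It shows why '*' lets any Host value flow into a generated invite link, and how the same check can be run over access logs to flag requests whose Host header the fixed configuration would have rejected.

```python
import re
from typing import List, Optional, Tuple

# Constructed allowlists for a hypothetical deployment. The weak value mirrors the
# advisory's finding; a real settings.py would carry the fixed value as ALLOWED_HOSTS.
ALLOWED_HOSTS_WEAK = ["*"]
ALLOWED_HOSTS_FIXED = ["recipes.example.internal"]

# Hostname or bracketed IPv6 literal with an optional ":port" suffix. Modelled on the
# pattern Django applies to the Host header; an approximation, not Django's code.
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:[0-9]+)?$")


def split_host_port(header_value: str) -> Tuple[Optional[str], Optional[str]]:
    """Normalise a raw Host header into (host, port); (None, None) if malformed.

    Lower-cases the value and drops a trailing dot so 'Recipes.Example.Internal.'
    compares equal to the configured name.
    """
    value = header_value.strip().lower()
    match = HOST_RE.match(value)
    if not match:
        return None, None
    host, port = match.group(1), match.group(2)
    if host.endswith("."):
        host = host[:-1]
    return host, (port[1:] if port else None)


def is_same_domain(host: str, pattern: str) -> bool:
    """Exact match, or subdomain/apex match for a leading-dot pattern like '.example.internal'."""
    if not pattern:
        return False
    pattern = pattern.lower()
    if pattern[0] == ".":
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def validate_host(host: str, allowed_hosts: List[str]) -> bool:
    """Django-style ALLOWED_HOSTS check: a '*' entry accepts anything, which is the weak setting."""
    return any(p == "*" or is_same_domain(host, p) for p in allowed_hosts)


def build_absolute_uri(host_header: str, path: str, allowed_hosts: List[str], scheme: str = "https") -> str:
    """Build an absolute URL the way request.build_absolute_uri() does: from the request's Host.

    Raises ValueError when the host is not allowed, so a link (e.g. an invite link) can
    never be generated for a host the operator did not configure.
    """
    host, port = split_host_port(host_header)
    if host is None or not validate_host(host, allowed_hosts):
        raise ValueError(f"Host header {host_header!r} is not in ALLOWED_HOSTS")
    netloc = host if port is None else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


# Constructed access-log lines (not real traffic, and '/invites/new' is a made-up path);
# the last Host value stands in for a name the operator never configured.
SAMPLE_LOG_LINES = [
    '2026-03-26T19:29:53Z 198.51.100.10 "POST /invites/new HTTP/1.1" 201 host="recipes.example.internal"',
    '2026-03-26T19:30:11Z 198.51.100.10 "POST /invites/new HTTP/1.1" 201 host="recipes.example.internal:8443"',
    '2026-03-26T19:31:02Z 198.51.100.11 "POST /invites/new HTTP/1.1" 201 host="Recipes.Example.Internal."',
    '2026-03-26T19:32:40Z 203.0.113.7 "POST /invites/new HTTP/1.1" 201 host="invite-relay.example.net"',
]

LOG_HOST_RE = re.compile(r'host="([^"]*)"')


def audit_host_headers(lines: List[str], allowed_hosts: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, normalised_host, verdict) for each log line.

    'rejected' lines are the ones a correctly configured ALLOWED_HOSTS would have answered
    with HTTP 400; when they coincide with invite creation they are worth alerting on.
    """
    results = []
    for n, line in enumerate(lines, start=1):
        m = LOG_HOST_RE.search(line)
        raw = m.group(1) if m else ""
        host, _port = split_host_port(raw)
        if host is None:
            results.append((n, raw, "malformed"))
        elif validate_host(host, allowed_hosts):
            results.append((n, host, "allowed"))
        else:
            results.append((n, host, "rejected"))
    return results


if __name__ == "__main__":
    for setting in (ALLOWED_HOSTS_WEAK, ALLOWED_HOSTS_FIXED):
        print(f"ALLOWED_HOSTS = {setting}")
        for n, host, verdict in audit_host_headers(SAMPLE_LOG_LINES, setting):
            print(f"  line {n}: {host:32} {verdict}")
```

Run with the weak setting, every line is "allowed" and build_absolute_uri happily returns a link on whichever host the request named; with the explicit allowlist, the fourth line is "rejected" and the same call raises instead. A reverse proxy in front of the application should enforce the same allowlist so that only requests for the configured hostnames ever reach Django.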
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Sweden, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T21:17:08.885Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c589313c064ed76fb167ca
Added to database: 3/26/2026, 7:29:53 PM
Last enriched: 3/26/2026, 7:45:30 PM
Last updated: 3/26/2026, 9:06:19 PM