CVE-2026-7709 in Calibre-Webالمعلومات

الملخص

بحسب MITRE • 04/05/2026

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulDB

إفشاء

04/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-360885

CPE

جاهز

CWE

CWE-285 (مؤكد)

استغلال

تحميل

CVSS

6.3 (VulDB)

EPSS

0.00038

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7709
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7709
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7709/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!