Submit #806507: crocodilestick Calibre-Web-Automated v1.0.0-v4.0.6 Denial of Serviceinfo

Titlecrocodilestick Calibre-Web-Automated v1.0.0-v4.0.6 Denial of Service
DescriptionCalibre-Web-Automated suffers from a denial-of-service vulnerability. An unauthenticated remote attacker could use a GET /cwa-convert-library-start request to launch the CWA Library Convertor program that generates new EPUB files. This program reads all non-EPUB files in the library and converts them to EPUB, triggering a large number of CPU/disk operations and easily exhausting disk space.
Source⚠️ https://gist.github.com/menelausx/cb37642358126a6e6ce97830b54a3078
User
 JasperX (UID 97281)
Submission04/16/2026 15:48 (3 months ago)
Moderation05/25/2026 16:14 (1 month later)
StatusDuplicate
VulDB entry360890 [crocodilestick Calibre-Web-Automated up to 4.0.6 Admin Endpoint cps/cwa_functions.py missing authentication]
Points0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!