PT-2026-36726 · Janeczku · Calibre-Web

Jasperx · Published 2026-05-03 · Updated 2026-05-04 · CVE-2026-7709

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: janeczku Calibre-Web versions prior to 0.6.27

Description: Improper authorization occurs in the Endpoint component due to manipulation of the user_id argument within the generate_auth_token() function located in the cps/kobo_auth.py file. This issue allows a remote attacker to bypass authorization mechanisms.

Recommendations: As a temporary workaround, restrict access to the generate_auth_token() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-7709

Affected Products

Calibre-Web