PT-2026-42883 · Cal.Com · Cal.Com

Eric-Z

·

Published

2026-05-23

·

Updated

2026-05-23

·

CVE-2026-9303

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions calcom cal.diy versions prior to 4.9.5
Description A cross-site request forgery (CSRF) issue exists in an unknown function, allowing a remote attacker to initiate an attack. CSRF is a type of attack that tricks a victim into performing actions they did not intend to do on a web application where they are currently authenticated.
Recommendations Update to a version newer than 4.9.4.

Exploit

Fix

CSRF

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9303

Affected Products

Cal.Com