PT-2026-42883 · Cal.Com · Cal.Com
Eric-Z
·
Published
2026-05-23
·
Updated
2026-05-23
·
CVE-2026-9303
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
calcom cal.diy versions prior to 4.9.5
Description
A cross-site request forgery (CSRF) issue exists in an unknown function, allowing a remote attacker to initiate an attack. CSRF is a type of attack that tricks a victim into performing actions they did not intend to do on a web application where they are currently authenticated.
Recommendations
Update to a version newer than 4.9.4.
Exploit
Fix
CSRF
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cal.Com