CVE-2026-7709 | janeczku Calibre-Web up to 0.6.26 Endpoint cps/kobo_auth.py generate_auth_token user_id improper authorization

Inserito da Angelo Barbosa | Mag 3, 2026 | CVE

A vulnerability was found in janeczku Calibre-Web up to 0.6.26. It has been declared as critical. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization.

This vulnerability is traded as CVE-2026-7709. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7709 | janeczku Calibre-Web up to 0.6.26 Endpoint cps/kobo_auth.py generate_auth_token user_id improper authorization

Post correlati

CVE-2026-23866 | Facebook WhatsApp on iOS/Android verification of source

CVE-2024-29080 | HP Display Control Local Privilege Escalation

CVE-2023-48288 | HM Plugin Job Board and Recruitment Plugin up to 2.1 on WordPress information disclosure

CVE-2022-23829 | AMD RyzenTM Embedded V3000 AMD SPI Protection Local Privilege Escalation