QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-7713

Back to search

CVE-2026-7713

Published: May 4, 2026

Modified: May 5, 2026

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.0.7 addresses this issue. The patch is identified as 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. The affected component should be upgraded.

VendorProductVersions

crocodilestick

Calibre-Web-Automated

affected
4.0.0
affected
4.0.1
affected
4.0.2
affected
4.0.3
affected
4.0.4

+3 more versions

Weaknesses (CWE)

CWE-285
CWE-266

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now