Vulnerabilities ›

CVE-2026-7713

Medium

CWE-266 — Weakness Type

                    Published: May 4, 2026                      ·  Modified: May 6, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.0.7 addresses this issue. The patch is identified as 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. The affected component should be upgraded.

🤖 AI Executive Summary

CVE-2026-7713 is an improper authorization vulnerability in Calibre-Web-Automated versions up to 4.0.6 affecting the Kobo authentication token generation function. Remote attackers can exploit this publicly disclosed vulnerability to bypass authorization controls.

📄 Description (Arabic)

تؤثر هذه الثغرة على وظيفة generate_auth_token في ملف cps/kobo_auth.py مما يسمح بتجاوز آليات التفويض. يمكن للمهاجمين البعيدين استغلال هذه الثغرة المكشوفة علناً للوصول غير المصرح به إلى الموارد المحمية.

🤖 ملخص تنفيذي (AI)

A vulnerability in Calibre-Web-Automated up to version 4.0.6 allows remote attackers to bypass authorization in the Kobo auth-token route. The vulnerability affects the generate_auth_token function and has been publicly disclosed with active exploits available.

🤖 AI Intelligence Analysis Analyzed: May 18, 2026 03:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare education

🎯 MITRE ATT&CK Techniques

T1110 T1078 T1556

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade Calibre-Web-Automated to version 4.0.7 or later. Apply patch 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. Review and audit all authentication tokens generated prior to patching. Implement network segmentation to restrict access to Kobo authentication endpoints.

🔧 خطوات المعالجة (العربية)

قم بترقية Calibre-Web-Automated إلى الإصدار 4.0.7 أو أحدث فوراً. طبق التصحيح 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. راجع وتدقيق جميع رموز المصادقة المُنشأة قبل التصحيح. طبق تقسيم الشبكة لتقييد الوصول إلى نقاط نهاية مصادقة Kobo.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.2.1 A.9.2.5 A.9.4.3

🔗 References & Sources 9

🔗

https://gist.github.com/menelausx/ef98aa78ed2869ccaa316ff45ed1a440

cna@vuldb.com

🔗

https://github.com/crocodilestick/Calibre-Web-Automated/

cna@vuldb.com

🔗

https://github.com/crocodilestick/Calibre-Web-Automated/issues/1303

cna@vuldb.com

🔗

https://github.com/new-usemame/Calibre-Web-NextGen/commit/9f50bb2c16160564c9f8777dc2cee...

cna@vuldb.com

🔗

https://github.com/new-usemame/Calibre-Web-NextGen/pull/18

cna@vuldb.com

🔗

https://github.com/new-usemame/Calibre-Web-NextGen/releases/tag/v4.0.7

cna@vuldb.com

🔗

https://vuldb.com/submit/806403

cna@vuldb.com

🔗

https://vuldb.com/vuln/360889

cna@vuldb.com

🔗

https://vuldb.com/vuln/360889/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-266

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-05-04

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-266

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7713

Introduce Yourself

Sign In Required