A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.0.7 addresses this issue. The patch is identified as 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. The affected component should be upgraded.
CVE-2026-7713 is an improper authorization vulnerability in Calibre-Web-Automated versions up to 4.0.6 affecting the Kobo authentication token generation function. Remote attackers can exploit this publicly disclosed vulnerability to bypass authorization controls.
تؤثر هذه الثغرة على وظيفة generate_auth_token في ملف cps/kobo_auth.py مما يسمح بتجاوز آليات التفويض. يمكن للمهاجمين البعيدين استغلال هذه الثغرة المكشوفة علناً للوصول غير المصرح به إلى الموارد المحمية.
A vulnerability in Calibre-Web-Automated up to version 4.0.6 allows remote attackers to bypass authorization in the Kobo auth-token route. The vulnerability affects the generate_auth_token function and has been publicly disclosed with active exploits available.
Immediately upgrade Calibre-Web-Automated to version 4.0.7 or later. Apply patch 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. Review and audit all authentication tokens generated prior to patching. Implement network segmentation to restrict access to Kobo authentication endpoints.
قم بترقية Calibre-Web-Automated إلى الإصدار 4.0.7 أو أحدث فوراً. طبق التصحيح 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. راجع وتدقيق جميع رموز المصادقة المُنشأة قبل التصحيح. طبق تقسيم الشبكة لتقييد الوصول إلى نقاط نهاية مصادقة Kobo.