CVE-2026-7713

MEDIUM

crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization

Title source: cna
STIX 2.1

Description

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.0.7 addresses this issue. The patch is identified as 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. The affected component should be upgraded.

References (9)

Core 9
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-360889 | crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization
https://vuldb.com/vuln/360889
Signature, Permissions Required signature permissions-required
VDB-360889 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360889/cti
Third Party Advisory third-party-advisory
Submit #806403 | crocodilestick Calibre-Web-Automated v1.0.0-v4.0.6 IDOR in auth-token generation leading to account takeover
https://vuldb.com/submit/806403

Scores

CVSS v3 6.3
EPSS 0.0008
EPSS Percentile 22.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-266 CWE-285
Status published
Products (8)
crocodilestick/Calibre-Web-Automated 4.0.0
crocodilestick/Calibre-Web-Automated 4.0.1
crocodilestick/Calibre-Web-Automated 4.0.2
crocodilestick/Calibre-Web-Automated 4.0.3
crocodilestick/Calibre-Web-Automated 4.0.4
crocodilestick/Calibre-Web-Automated 4.0.5
crocodilestick/Calibre-Web-Automated 4.0.6
crocodilestick/Calibre-Web-Automated 4.0.7
Published May 04, 2026
Tracked Since May 04, 2026