CVE-2026-7714
crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
| CWE | CWE-306 CWE-287 |
| Vendor | crocodilestick |
| Product | calibre-web-automated |
| Published | May 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for crocodilestick calibre-web-automated
Be the first to know when new medium vulnerabilities affecting crocodilestick calibre-web-automated are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
crocodilestick / Calibre-Web-Automated
4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.0.5 4.0.6
References
vuldb.com: https://vuldb.com/vuln/360890 vuldb.com: https://vuldb.com/vuln/360890/cti vuldb.com: https://vuldb.com/submit/806468 github.com: https://github.com/crocodilestick/Calibre-Web-Automated/issues/1304 github.com: https://github.com/crocodilestick/Calibre-Web-Automated/pull/1308 gist.github.com: https://gist.github.com/menelausx/1b45c952d352a2ebdc01cd8d5aa88e87 github.com: https://github.com/crocodilestick/Calibre-Web-Automated/
Credits
๐ JasperX (VulDB User) VulDB CNA Team