CVE-2026-0613_CVE-2026-0613

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.

Basic Information

ID CVE-2026-0613

Source certcc

Published Jan 16, 2026 at 12:46

Modified Jan 16, 2026 at 21:41

Affected Product

Vendor TheLibrarian

Product TheLibrarian.io

Affected Versions TheLibrarian TheLibrarian.io 0

References

{
    "lastseen": "",
    "description": "The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.",
    "published": "2026-01-16T12:46:02.733Z",
    "modified": "2026-01-16T21:41:53.497Z",
    "type": "cve",
    "title": "CVE-2026-0613",
    "source": "certcc",
    "references": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure\nhttps://thelibrarian.io/",
    "id": "CVE-2026-0613",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "TheLibrarian TheLibrarian.io 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TheLibrarian.io",
    "version": "0",
    "vendor": "TheLibrarian",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply