crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication_CVE-2026-7714

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Basic Information

ID CVE-2026-7714

Source VulDB

Published May 4, 2026 at 00:15

Affected Product

Vendor crocodilestick

Product Calibre-Web-Automated

Version 4.0.0

Affected Versions crocodilestick Calibre-Web-Automated 4.0.0
crocodilestick Calibre-Web-Automated 4.0.1
crocodilestick Calibre-Web-Automated 4.0.2
crocodilestick Calibre-Web-Automated 4.0.3
crocodilestick Calibre-Web-Automated 4.0.4
crocodilestick Calibre-Web-Automated 4.0.5
crocodilestick Calibre-Web-Automated 4.0.6

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.",
    "published": "2026-05-04T00:15:11.837Z",
    "modified": "2026-05-04T00:15:11.837Z",
    "type": "cve",
    "title": "crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360890\nhttps://vuldb.com/vuln/360890/cti\nhttps://vuldb.com/submit/806468\nhttps://github.com/crocodilestick/Calibre-Web-Automated/issues/1304\nhttps://github.com/crocodilestick/Calibre-Web-Automated/pull/1308\nhttps://gist.github.com/menelausx/1b45c952d352a2ebdc01cd8d5aa88e87\nhttps://github.com/crocodilestick/Calibre-Web-Automated/",
    "id": "CVE-2026-7714",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "crocodilestick Calibre-Web-Automated 4.0.0\ncrocodilestick Calibre-Web-Automated 4.0.1\ncrocodilestick Calibre-Web-Automated 4.0.2\ncrocodilestick Calibre-Web-Automated 4.0.3\ncrocodilestick Calibre-Web-Automated 4.0.4\ncrocodilestick Calibre-Web-Automated 4.0.5\ncrocodilestick Calibre-Web-Automated 4.0.6",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Calibre-Web-Automated",
    "version": "4.0.0",
    "vendor": "crocodilestick",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}