Executive Summary

CVE-2026-7714 is a security vulnerability in Calibre-Web-Automated up to version 4.0.6 where several administrative endpoints are accessible without authentication.

Specifically, endpoints like Convert Library and EPUB Fixer allow unauthorized remote users to initiate bulk library processing operations, such as converting non-EPUB files to EPUB and rewriting existing EPUB files with backups.

These endpoints can be triggered by simple GET requests without any authentication, exposing sensitive administrative functions.

The vulnerability arises from missing authentication checks in the cps/cwa_functions.py file, particularly in the Admin Endpoint component.

An exploit has been published and can be used to misuse these administrative functions.

The issue was addressed by adding authentication requirements to these endpoints, ensuring only users with admin credentials can access them.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can be exploited remotely by unauthorized users to trigger resource-intensive bulk processing operations on the digital library.

• Initiating full-library conversions and EPUB file rewriting without permission.
• Consuming significant CPU and disk resources, potentially leading to denial-of-service (DoS) conditions.
• Rapidly depleting disk space and causing system slowdowns or outages.
• Unauthorized access to administrative functions could lead to misuse or disruption of library operations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized access attempts to specific administrative endpoints that should require authentication but do not. The vulnerable endpoints include /cwa-convert-library-start and /cwa-epub-fixer-start, which can be accessed via simple GET requests to trigger bulk library processing operations.

To detect exploitation attempts on your system or network, you can check your web server or application logs for unauthenticated GET requests to these endpoints.

• Use command-line tools like grep to search logs for suspicious requests, for example: grep "/cwa-convert-library-start" /var/log/nginx/access.log
• Similarly, grep "/cwa-epub-fixer-start" /var/log/nginx/access.log

Additionally, monitoring CPU and disk usage spikes may indicate that the bulk processing tasks have been triggered without authorization.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves restricting access to the vulnerable administrative endpoints by enforcing authentication.

The vulnerability was addressed by adding authentication requirements to these endpoints, ensuring only users with admin credentials can access them.

• Apply the fix implemented in Pull Request #1308 which adds authentication checks to the Convert Library and EPUB Fixer endpoints.
• If patching immediately is not possible, restrict network access to these endpoints using firewall rules or web server configuration to allow only trusted users.
• Monitor your system for any signs of exploitation and consider temporarily disabling the affected features until the fix is applied.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthenticated remote access to administrative endpoints, enabling attackers to trigger bulk library processing operations and access logs without proper authentication.

This lack of authentication on critical administrative functions could lead to unauthorized actions and potential misuse of system resources, which may result in non-compliance with security requirements mandated by standards such as GDPR and HIPAA that require protection of sensitive data and controlled access.

However, the provided information does not explicitly state the impact on data privacy or specific regulatory compliance, only that unauthorized access to administrative endpoints is possible.

Useful 0 Not Useful 0