CVE-2026-7714
Authentication Bypass in Calibre-Web-Automated
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crocodilestick | calibre-web-automated | to 4.0.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7714 is a security vulnerability in Calibre-Web-Automated up to version 4.0.6 where several administrative endpoints are accessible without authentication.
Specifically, endpoints like Convert Library and EPUB Fixer allow unauthorized remote users to initiate bulk library processing operations, such as converting non-EPUB files to EPUB and rewriting existing EPUB files with backups.
These endpoints can be triggered by simple GET requests without any authentication, exposing sensitive administrative functions.
The vulnerability arises from missing authentication checks in the cps/cwa_functions.py file, particularly in the Admin Endpoint component.
An exploit has been published and can be used to misuse these administrative functions.
The issue was addressed by adding authentication requirements to these endpoints, ensuring only users with admin credentials can access them.
How can this vulnerability impact me? :
This vulnerability can be exploited remotely by unauthorized users to trigger resource-intensive bulk processing operations on the digital library.
- Initiating full-library conversions and EPUB file rewriting without permission.
- Consuming significant CPU and disk resources, potentially leading to denial-of-service (DoS) conditions.
- Rapidly depleting disk space and causing system slowdowns or outages.
- Unauthorized access to administrative functions could lead to misuse or disruption of library operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized access attempts to specific administrative endpoints that should require authentication but do not. The vulnerable endpoints include /cwa-convert-library-start and /cwa-epub-fixer-start, which can be accessed via simple GET requests to trigger bulk library processing operations.
To detect exploitation attempts on your system or network, you can check your web server or application logs for unauthenticated GET requests to these endpoints.
- Use command-line tools like grep to search logs for suspicious requests, for example: grep "/cwa-convert-library-start" /var/log/nginx/access.log
- Similarly, grep "/cwa-epub-fixer-start" /var/log/nginx/access.log
Additionally, monitoring CPU and disk usage spikes may indicate that the bulk processing tasks have been triggered without authorization.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves restricting access to the vulnerable administrative endpoints by enforcing authentication.
The vulnerability was addressed by adding authentication requirements to these endpoints, ensuring only users with admin credentials can access them.
- Apply the fix implemented in Pull Request #1308 which adds authentication checks to the Convert Library and EPUB Fixer endpoints.
- If patching immediately is not possible, restrict network access to these endpoints using firewall rules or web server configuration to allow only trusted users.
- Monitor your system for any signs of exploitation and consider temporarily disabling the affected features until the fix is applied.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated remote access to administrative endpoints, enabling attackers to trigger bulk library processing operations and access logs without proper authentication.
This lack of authentication on critical administrative functions could lead to unauthorized actions and potential misuse of system resources, which may result in non-compliance with security requirements mandated by standards such as GDPR and HIPAA that require protection of sensitive data and controlled access.
However, the provided information does not explicitly state the impact on data privacy or specific regulatory compliance, only that unauthorized access to administrative endpoints is possible.