Calibre-Web Improper Authorization Vulnerability in Kobo Authentication Endpoint

Vulnerability

An improper authorization vulnerability has been identified in Janeczku Calibre-Web versions through 0.6.26. The issue arises in the Endpoint component, specifically within the generate_auth_token function of the kobo_auth.py file. This vulnerability allows for unauthorized actions by manipulating the user_id argument, and can be exploited remotely. Publicly available exploits exist for this vulnerability.

Impact

Exploitation of this vulnerability allows for improper authorization, enabling persistent user impersonation.

Added: May 3, 2026, 11:19 PM

Updated: May 3, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.3

exploitability

8.4

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.3

exploitability

8.4

remediation

0.0

relevance

7.3

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Calibre-Web Improper Authorization Vulnerability in Kobo Authentication Endpoint

Vulnerability

Impact

Affected Products

janeczku Calibre-Web

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating