Cal.Com
CVE-2026-23478
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update(). This vulnerability is fixed in 6.0.7.
AnalysisAI
Cal.com scheduling software (3.1.6 to 6.0.7) has a critical authentication bypass in the NextAuth JWT callback. Attackers can gain full access to any user account by supplying a target email via session.update(). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Cal.com versions 3.1.6 through 6.0.6 with custom NextAuth JWT callback enabled. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 9.8 (Critical). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker creates an account on Cal.com, then calls session.update() with the target user's email. Their session is updated to the target's account, granting full access to their calendar, bookings, and connected integrations. |
| Remediation | Update to Cal.com 6.0.7. Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all affected systems and apply vendor patches immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today