Is there a public PoC exploit available for CVE-2026-7714?

Yes, a public proof-of-concept exploit is available for CVE-2026-7714. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-7714?

Yes, a patch is available for CVE-2026-7714. Update the affected software to the latest version immediately.

Calibre-Web-Automated CVE-2026-7714

Q: What is the CVSS score of CVE-2026-7714?

CVE-2026-7714 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26865 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-05-04 VulDB

Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 04, 2026 - 01:45 vuln.today

Analysis Generated

May 04, 2026 - 01:45 vuln.today

CVSS changed

May 04, 2026 - 01:22 NVD

6.5 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

May 04, 2026 - 01:16 vuln.today

Public exploit code

EUVD ID Assigned

May 04, 2026 - 01:15 euvd

EUVD-2026-26865

Analysis Generated

May 04, 2026 - 01:15 vuln.today

Patch released

May 04, 2026 - 01:15 nvd

Patch available

CVE Published

May 04, 2026 - 00:15 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

AnalysisAI

Authentication bypass in Calibre-Web-Automated up to version 4.0.6 allows remote unauthenticated attackers to access admin endpoints in the cps/cwa_functions.py component, specifically affecting Convert Library and EPUB Fixer administrative functions. Multiple endpoints lacking required authentication decorators (@login_required_if_no_ano and @admin_required) permit unauthorized users to trigger book conversions, manage conversion jobs, download logs, and manipulate EPUB files. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7714 vulnerability details – vuln.today

Back

Calibre-Web-Automated CVE-2026-7714

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Calibre-Web-Automated CVE-2026-7714

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code