Skip to main content

Calibre Web Automated

1 CVEs product

Monthly

CVE-2026-7714 MEDIUM POC PATCH This Month

Authentication bypass in Calibre-Web-Automated up to version 4.0.6 allows remote unauthenticated attackers to access admin endpoints in the cps/cwa_functions.py component, specifically affecting Convert Library and EPUB Fixer administrative functions. Multiple endpoints lacking required authentication decorators (@login_required_if_no_ano and @admin_required) permit unauthorized users to trigger book conversions, manage conversion jobs, download logs, and manipulate EPUB files. Publicly available exploit code exists and patch is available from vendor.

Authentication Bypass Calibre Web Automated
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Authentication bypass in Calibre-Web-Automated up to version 4.0.6 allows remote unauthenticated attackers to access admin endpoints in the cps/cwa_functions.py component, specifically affecting Convert Library and EPUB Fixer administrative functions. Multiple endpoints lacking required authentication decorators (@login_required_if_no_ano and @admin_required) permit unauthorized users to trigger book conversions, manage conversion jobs, download logs, and manipulate EPUB files. Publicly available exploit code exists and patch is available from vendor.

Authentication Bypass Calibre Web Automated
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy