Calibre Web Automated
Monthly
Authentication bypass in Calibre-Web-Automated up to version 4.0.6 allows remote unauthenticated attackers to access admin endpoints in the cps/cwa_functions.py component, specifically affecting Convert Library and EPUB Fixer administrative functions. Multiple endpoints lacking required authentication decorators (@login_required_if_no_ano and @admin_required) permit unauthorized users to trigger book conversions, manage conversion jobs, download logs, and manipulate EPUB files. Publicly available exploit code exists and patch is available from vendor.
Authentication bypass in Calibre-Web-Automated up to version 4.0.6 allows remote unauthenticated attackers to access admin endpoints in the cps/cwa_functions.py component, specifically affecting Convert Library and EPUB Fixer administrative functions. Multiple endpoints lacking required authentication decorators (@login_required_if_no_ano and @admin_required) permit unauthorized users to trigger book conversions, manage conversion jobs, download logs, and manipulate EPUB files. Publicly available exploit code exists and patch is available from vendor.