CVE-2026-47202

Sažetak

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.

Reference

https://github.com/Kareadita/Kavita/releases/tag/v0.9.0.2
https://github.com/Kareadita/Kavita/security/advisories/GHSA-m2v3-fcjh-hm22

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

26-05-2026 - 19:19

Objavljeno

26-05-2026 - 18:16