Search criteria
4 vulnerabilities by TheLibrarian
CVE-2026-0615 (GCVE-0-2026-0615)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:47 – Updated: 2026-01-16 14:38
VLAI?
Title
CVE-2026-0615
Summary
The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.
Severity ?
7.3 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:38:33.181564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:38:37.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:47:27.747Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "http://mindgard.ai/blog/thelibrarian-ios-ai-security-"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0615",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0615"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0615",
"datePublished": "2026-01-16T12:47:27.747Z",
"dateReserved": "2026-01-05T17:41:40.682Z",
"dateUpdated": "2026-01-16T14:38:37.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0616 (GCVE-0-2026-0616)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:46 – Updated: 2026-01-16 21:40
VLAI?
Title
CVE-2026-0616
Summary
TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.
Severity ?
7.5 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:39:40.680029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:40:36.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:46:58.266Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0616",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0616"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0616",
"datePublished": "2026-01-16T12:46:58.266Z",
"dateReserved": "2026-01-05T17:42:09.153Z",
"dateUpdated": "2026-01-16T21:40:36.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0613 (GCVE-0-2026-0613)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:46 – Updated: 2026-01-16 21:41
VLAI?
Title
CVE-2026-0613
Summary
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
Severity ?
7.5 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:41:27.699155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:41:53.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:46:02.733Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0613",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0613"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0613",
"datePublished": "2026-01-16T12:46:02.733Z",
"dateReserved": "2026-01-05T17:40:07.817Z",
"dateUpdated": "2026-01-16T21:41:53.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0612 (GCVE-0-2026-0612)
Vulnerability from cvelistv5 – Published: 2026-01-16 12:44 – Updated: 2026-01-16 21:42
VLAI?
Title
CVE-2026-0612
Summary
The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian.
Severity ?
7.5 (High)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TheLibrarian | TheLibrarian.io |
Affected:
0 , ≤ 1.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:42:18.745012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:42:52.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TheLibrarian.io",
"vendor": "TheLibrarian",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:44:59.806Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "http://mindgard.ai/blog/thelibrarian-ios-ai-security-"
},
{
"url": "https://thelibrarian.io/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-0612",
"x_generator": {
"engine": "VINCE 3.0.31",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-0612"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-0612",
"datePublished": "2026-01-16T12:44:59.806Z",
"dateReserved": "2026-01-05T17:39:25.528Z",
"dateUpdated": "2026-01-16T21:42:52.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}