FKIE_CVE-2026-0613

Vulnerability from fkie_nvd - Published: 2026-01-16 13:16 - Updated: 2026-01-23 17:00
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
References
cret@cert.orghttps://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosureThird Party Advisory
cret@cert.orghttps://thelibrarian.io/Product
Impacted products
Vendor Product Version
thelibrarian the_librarian -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:thelibrarian:the_librarian:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8F0743-241A-47D8-B16A-8E3B94C6ABB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions."
    },
    {
      "lang": "es",
      "value": "El Librarian contiene una vulnerabilidad interna de escaneo de puertos, facilitada por la herramienta \u0027web_fetch\u0027, que puede ser utilizada con un comportamiento de tipo SSRF para realizar solicitudes GET a direcciones IP y servicios internos, permitiendo el escaneo del entorno de nube de Hertzner que utiliza TheLibrarian. El proveedor ha corregido la vulnerabilidad en todas las versiones afectadas."
    }
  ],
  "id": "CVE-2026-0613",
  "lastModified": "2026-01-23T17:00:11.283",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-16T13:16:11.780",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Product"
      ],
      "url": "https://thelibrarian.io/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.