Lucene search
K

CVE-2026-44776

🗓️ 26 May 2026 17:29:40Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 22 Views🌐 WEB

CVE-2026-44776 Kavita allowed IDOR in download and metadata endpoints before 0.9.0.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-44776
26 May 202617:29
attackerkb
Circl
CVE-2026-44776
26 May 202619:18
circl
CNNVD
kavita 安全漏洞
26 May 202600:00
cnnvd
Cvelist
CVE-2026-44776 Kavita: IDOR in /api/Download/*
26 May 202617:29
cvelist
EUVD
EUVD-2026-31937
26 May 202617:29
euvd
NVD
CVE-2026-44776
26 May 202618:16
nvd
OSV
CVE-2026-44776 Kavita: IDOR in /api/Download/*
26 May 202617:29
osv
Positive Technologies
PT-2026-38909
8 May 202600:00
ptsecurity
RedhatCVE
CVE-2026-44776
5 Jun 202619:25
redhatcve
Vulnrichment
CVE-2026-44776 Kavita: IDOR in /api/Download/*
26 May 202617:29
vulnrichment
Rows per page
Vulners
Node
kareaditakavitaRange<0.9.0
[
  {
    "vendor": "Kareadita",
    "product": "Kavita",
    "versions": [
      {
        "version": "< 0.9.0",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
volumeIdquery param/api/Download/volume-sizeUnauthorized access to volume size without library-level authorizationCWE-639
chapterIdquery param/api/Download/chapter-sizeUnauthorized access to chapter size without library-level authorizationCWE-639
seriesIdquery param/api/Download/series-sizeUnauthorized access to series size without library-level authorizationCWE-639
volumeIdquery param/api/Download/volumeUnauthorized download of volume contents without library-level authorizationCWE-639
chapterIdquery param/api/Download/chapterUnauthorized download of chapter contents without library-level authorizationCWE-639
seriesIdquery param/api/Download/seriesUnauthorized download of series contents without library-level authorizationCWE-639
chapterIdquery param/api/ChapterUnauthorized access to chapter metadata without library-level authorizationCWE-639

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 10:51Current
5.7Medium risk
Vulners AI Score5.7
CVSS 45.9
EPSS0.0025
SSVC
22