EUVD-2026-31937

🗓️ 26 May 2026 17:29:40Reported by EUVDType

Kavita before version 0.9.0 allows unauthorized downloads, sizes, and metadata by guessing IDs.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-44776	26 May 202617:29	–	attackerkb
Circl	CVE-2026-44776	26 May 202619:18	–	circl
CNNVD	kavita 安全漏洞	26 May 202600:00	–	cnnvd
CVE	CVE-2026-44776	26 May 202617:29	–	cve
Cvelist	CVE-2026-44776 Kavita: IDOR in /api/Download/*	26 May 202617:29	–	cvelist
NVD	CVE-2026-44776	26 May 202618:16	–	nvd
Positive Technologies	PT-2026-38909	8 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-44776	5 Jun 202619:25	–	redhatcve
Vulnrichment	CVE-2026-44776 Kavita: IDOR in /api/Download/*	26 May 202617:29	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "a788faae-ed4a-33bd-ac9e-9b1e28d4db5f",
        "vendor": {
          "name": "kareadita"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b3fa32c8-b9f1-345c-a654-b8d5b6a06654",
        "product": {
          "name": "Kavita",
          "vendor": {
            "name": "kareadita"
          }
        },
        "product_version": "< 0.9.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/Kareadita/Kavita/security/advisories/GHSA-x3jq-95xw-gwvr

26 May 2026 18:27Current

5.7Medium risk

Vulners AI Score5.7

CVSS 45.9

EPSS0.00047

SSVC