CVE-2026-0616

{"id": "CVE-2026-0616", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-01-16T13:16:11.960", "references": [{"url": "https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://thelibrarian.io/", "tags": ["Product"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions."}], "lastModified": "2026-01-23T16:59:34.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thelibrarian:the_librarian:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8F0743-241A-47D8-B16A-8E3B94C6ABB8"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}