SB20260505103 - Authorization bypass through user-controlled key in Kavita
Published: May 5, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Authorization bypass through user-controlled key (CVE-ID: CVE-2026-44776)
CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the /api/Download/* endpoints and the /api/Chapter endpoint when handling requests with user-supplied chapterId, volumeId, or seriesId values. A remote privileged user can send crafted requests with guessed or enumerated IDs to disclose sensitive information.
Sequential integer entity IDs make content enumeration easier, and the issue affects file downloads, file size queries, and chapter metadata retrieval for libraries the user is not assigned to.
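The check whose absence the description points to, as an added example that is not Kavita's code: a handler that serves a download for any user-supplied chapterId, beside one that first resolves the chapter's library and requires the requesting user to be assigned to it. The in-memory tables, the User model and the function names are assumptions that mirror the page's chapter/volume/series/library hierarchy; a real server would query its database instead.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (not real Kavita records): two libraries,
# each with one series, one volume and one chapter.
LIBRARIES = {1: "Manga", 2: "Comics"}
SERIES = {10: {"library_id": 1}, 20: {"library_id": 2}}
VOLUMES = {100: {"series_id": 10}, 200: {"series_id": 20}}
CHAPTERS = {
    1000: {"volume_id": 100, "file": "/data/manga/ch1.cbz"},
    2000: {"volume_id": 200, "file": "/data/comics/ch1.cbz"},
}


@dataclass
class User:
    name: str
    is_admin: bool = False
    library_ids: set = field(default_factory=set)  # libraries assigned to the user


class Forbidden(Exception):
    """Raised for both unknown and unassigned ids, so the response does not
    tell a caller enumerating sequential ids which chapters exist."""


def library_for_chapter(chapter_id: int) -> Optional[int]:
    """Walk chapter -> volume -> series -> library; None if any link is missing."""
    chapter = CHAPTERS.get(chapter_id)
    volume = VOLUMES.get(chapter["volume_id"]) if chapter else None
    series = SERIES.get(volume["series_id"]) if volume else None
    return series["library_id"] if series else None


def download_chapter_vulnerable(user: User, chapter_id: int) -> str:
    """Trusts the user-controlled chapterId: any authenticated user gets any file."""
    return CHAPTERS[chapter_id]["file"]


def download_chapter_fixed(user: User, chapter_id: int) -> str:
    """Authorizes against the owning library, not the id the client supplied."""
    library_id = library_for_chapter(chapter_id)
    if library_id is None or (not user.is_admin and library_id not in user.library_ids):
        raise Forbidden(f"{user.name} may not access chapter {chapter_id}")
    return CHAPTERS[chapter_id]["file"]
```

The same lookup applies to the size and metadata endpoints the bulletin names: resolve volumeId or seriesId up to its library and apply the identical assignment check before returning anything.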
Remediation
Install update from vendor's website.