SB20260505103 - Authorization bypass through user-controlled key in Kavita

Published: May 5, 2026

Security Bulletin ID SB20260505103
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Authorization bypass through user-controlled key (CVE-ID: CVE-2026-44776)

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the /api/Download/* endpoints and the /api/Chapter endpoint when handling requests that carry user-supplied chapterId, volumeId, or seriesId values: the endpoints resolve the object by its ID without checking that the caller is assigned to the library the object belongs to. A remote privileged user can send crafted requests with guessed or enumerated IDs to disclose sensitive information.

Sequential integer entity IDs make content enumeration easier, and the issue affects file downloads, file size queries, and chapter metadata retrieval for libraries the user is not assigned to.
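The pattern behind CWE-639 is an endpoint that trusts a user-supplied key and only checks that the caller is authenticated, not that the caller may read the object the key names. The following Python model, added here as an illustration and not code from Kavita or from the bulletin, places the vulnerable lookup beside a hardened one that performs the object-level check against the caller's library assignments, and includes the kind of authorization regression test a maintainer would keep to catch this class of bug. All names, records and the three-level series/volume/chapter structure are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical, not Kavita's data model): each chapter
# belongs to a volume, a series and a library; users are assigned to libraries.
@dataclass(frozen=True)
class Chapter:
    chapter_id: int
    volume_id: int
    series_id: int
    library_id: int
    title: str
    size_bytes: int

CHAPTERS = {
    1: Chapter(1, 10, 100, 1, "Shared series ch. 1", 4096),
    2: Chapter(2, 11, 101, 2, "Restricted series ch. 1", 8192),
    3: Chapter(3, 12, 102, 2, "Restricted series ch. 2", 2048),
}

# user -> set of library ids the user is assigned to (constructed)
USER_LIBRARIES = {
    "alice": {1},
    "bob": {1, 2},
}

class NotFound(Exception):
    """Raised for ids the caller may not see, whether missing or unauthorised."""

def _authenticated_libraries(user):
    """Return the caller's library set or reject unauthenticated callers."""
    if user not in USER_LIBRARIES:
        raise PermissionError("authentication required")
    return USER_LIBRARIES[user]

def get_chapter_vulnerable(user, chapter_id):
    """CWE-639 pattern: the chapter is resolved purely from the user-supplied
    id, so any authenticated user can read chapters of libraries they are not
    assigned to. Sequential ids make walking the id space trivial."""
    _authenticated_libraries(user)
    chapter = CHAPTERS.get(chapter_id)
    if chapter is None:
        raise NotFound()
    return chapter

def get_chapter_hardened(user, chapter_id):
    """Hardened lookup: after resolving the id, require that the chapter's
    library is one the caller is assigned to. A missing id and an unauthorised
    id both raise NotFound so the response does not reveal whether the id
    exists, which is what makes enumeration informative in the first place."""
    libraries = _authenticated_libraries(user)
    chapter = CHAPTERS.get(chapter_id)
    if chapter is None or chapter.library_id not in libraries:
        raise NotFound()
    return chapter

def get_file_size_hardened(user, chapter_id):
    """A second endpoint (file size query) reuses the same guarded lookup, so
    every route that takes the key goes through one authorization decision."""
    return get_chapter_hardened(user, chapter_id).size_bytes

def readable_chapter_ids(lookup, user, id_range):
    """Authorization regression test: walk an id range the way a sequential-id
    probe would and return the ids the endpoint discloses to this user. A
    correctly guarded endpoint returns only ids in the user's own libraries."""
    readable = []
    for cid in id_range:
        try:
            lookup(user, cid)
            readable.append(cid)
        except NotFound:
            pass
    return readable

if __name__ == "__main__":
    print("vulnerable:", readable_chapter_ids(get_chapter_vulnerable, "alice", range(1, 5)))
    print("hardened:  ", readable_chapter_ids(get_chapter_hardened, "alice", range(1, 5)))
```

Run as a script, the vulnerable lookup discloses every chapter id to `alice`, while the hardened lookup discloses only the chapter in library 1. The design point is that the check is tied to the resolved object's library, not to the request's parameters, and that the same guarded lookup serves every endpoint that accepts the key, so a download, size or metadata route cannot drift out of sync with the authorization rule.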


Remediation

Install the update from the vendor's website.