Authorization bypass through user-controlled key in Kavita - #VU130157


Published: May 5, 2026


Vulnerability identifier: #VU130157
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Kareadita
Affected software:
Kavita

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the /api/Download/* endpoints and the /api/Chapter endpoint when handling requests with user-supplied chapterId, volumeId, or seriesId values. A remote privileged user can send crafted requests with guessed or enumerated IDs to disclose sensitive information.

Sequential integer entity IDs make content enumeration easier, and the issue affects file downloads, file size queries, and chapter metadata retrieval for libraries the user is not assigned to.
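As an added example (not Kavita's code, and not part of this advisory), the following Python audit script applies the missing check retroactively to access logs: each request to /api/Download/* or /api/Chapter carrying a chapterId, volumeId or seriesId is resolved to its library and compared with the libraries assigned to the requesting user, so an administrator can see whether content outside a user's assignments was reached. The entity tables, user assignments, log format, and the /api/Download/chapter and /api/Download/series sub-paths are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed lookup tables standing in for Kavita's entity hierarchy
# (chapter -> volume -> series -> library); a real audit reads them from the database.
CHAPTER_TO_VOLUME = {120: 10, 121: 10, 300: 30}
VOLUME_TO_SERIES = {10: 1, 30: 3}
SERIES_TO_LIBRARY = {1: "manga", 3: "private"}
USER_LIBRARIES = {"alice": {"manga"}, "bob": {"manga", "private"}}  # assigned libraries

def library_for(param, id_):
    """Walk chapter -> volume -> series -> library; None if any link is missing."""
    if param == "chapterId":
        id_, param = CHAPTER_TO_VOLUME.get(id_), "volumeId"
    if param == "volumeId":
        id_, param = VOLUME_TO_SERIES.get(id_), "seriesId"
    return SERIES_TO_LIBRARY.get(id_)

def parse_request(line):
    """(user, param, id) for a request to /api/Download/* or /api/Chapter carrying an ID, else None."""
    fields = line.split()  # constructed format: "<timestamp> <user> <method> <path?query>"
    if len(fields) != 4:
        return None
    _ts, user, _method, url = fields
    parts = urlsplit(url)
    if not (parts.path.startswith("/api/Download/") or parts.path == "/api/Chapter"):
        return None
    qs = parse_qs(parts.query)
    for param in ("chapterId", "volumeId", "seriesId"):  # parameters named in the advisory
        if param in qs and qs[param][0].isdigit():
            return user, param, int(qs[param][0])
    return None

def is_authorized(user, param, id_):
    """The check the affected endpoints lacked: the object's library must be assigned to the user.
    Unknown IDs are denied rather than silently allowed."""
    lib = library_for(param, id_)
    return lib is not None and lib in USER_LIBRARIES.get(user, set())

def audit(lines):
    """Log lines in which a user reached content outside their assigned libraries."""
    parsed = ((line, parse_request(line)) for line in lines)
    return [line for line, rec in parsed if rec and not is_authorized(*rec)]

# Constructed sample log; the /api/Download/chapter and /api/Download/series sub-paths are assumptions.
SAMPLE_LOG = """\
2026-05-05T10:00:01 alice GET /api/Download/chapter?chapterId=120
2026-05-05T10:00:03 alice GET /api/Download/chapter?chapterId=300
2026-05-05T10:00:05 alice GET /api/Chapter?chapterId=999
2026-05-05T10:01:00 bob GET /api/Download/series?seriesId=3
""".splitlines()
```

Running `audit(SAMPLE_LOG)` returns the two alice lines that reach the "private" library and an unknown chapter; requests to endpoints that carry no ID parameter are ignored.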


Remediation

Install the security update from the vendor's website.

Sources