CVE-2026-0613
Last modified
CVE-2026-0613 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Thelibrarian | The Librarian | All versions |
References
- https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosureThird Party Advisory
- https://thelibrarian.io/Product
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-0613?
How severe is CVE-2026-0613?
How do I fix CVE-2026-0613?
Are you affected by CVE-2026-0613?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST