QSearchQSearch

CVE-2026-47202

Kavita is a cross platform reading server

Published: 2026-05-26 · Last updated: 2026-05-26

Severity and scoring

CWE
CWE-287, CWE-345, CWE-697

Description

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-53862 OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with... (4.2 MEDIUM)
  • CVE-2026-48780 Forem is open source software for building communities (8.2 HIGH)
  • CVE-2026-53900 Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a mali... (4.3 MEDIUM)
  • CVE-2026-53899 Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to rece... (6.5 MEDIUM)
  • CVE-2026-48114 Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)