Thelibrarian The Librarian — known CVE vulnerabilities
Every CVE whose affected-product data names Thelibrarian The Librarian, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-0612 — CVSS 7.5 (high): The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external…
CVE-2026-0613 — CVSS 7.5 (high): The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style…
CVE-2026-0616 — CVSS 7.5 (high): TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal…
CVE-2026-0615 — CVSS 7.3 (high): The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within…