CVE-2026-44776

Published: Mag 26, 2026 Last Modified: Mag 26, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can download the full file contents, query file sizes, and read metadata for that content. This affects /api/Download/volume-size, /api/Download/chapter-size, /api/Download/series-size, /api/Download/volume, /api/Download/chapter, /api/Download/series, and /api/Chapter. This vulnerability is fixed in 0.9.0.

639

Authorization Bypass Through User-Controlled Key

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
https://github.com/Kareadita/Kavita/security/advisories/GHS…
https://github.com/Kareadita/Kavita/security/advisories/GHSA-x3jq-95xw-gwvr
https://github.com/Kareadita/Kavita/security/advisories/GHS…
https://github.com/Kareadita/Kavita/security/advisories/GHSA-x3jq-95xw-gwvr