CNNVD-202601-1960 Information

CNNVD ID

CNNVD-202601-1960

CVE-2026-23478

  • CNNVD Published: 2026-01-13

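Description (translated from Chinese)

Cal.com is open-source scheduling software released by Cal.com. A security vulnerability exists in Cal.com from version 3.1.6 up to versions before 6.0.7. It stems from a flaw in the custom NextAuth JWT callback and may allow an attacker to gain fully authenticated access to any user account via session.update().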

Description (English)

Cal.com is open-source scheduling software developed by Cal.com. Cal.com versions 3.1.6 through those before 6.0.7 contain a security vulnerability caused by a flaw in the custom NextAuth JWT callback, which may allow an attacker to obtain fully authenticated access to any user account through session.update().

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Cal.com

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/calcom/cal.com/security/advisories/GHSA-7hg4-x4pr-3hrg

https://access.redhat.com/security/cve/cve-2026-23478

Patch

https://github.com/calcom/cal.com/releases
