NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-47202

Summary	Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.
Publication Date	May 27, 2026, 3:16 a.m.
Registration Date	May 27, 2026, 4:08 a.m.
Last Update	May 27, 2026, 3:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/Kareadita/Kavita/releases/tag/v0.9.0.2	security-advisories@github.com
2	https://github.com/Kareadita/Kavita/security/advisories/GHSA-m2v3-fcjh-hm22	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-287	不適切な認証	https://cwe.mitre.org/data/definitions/287.html
2	CWE-345	データの信頼性についての不十分な検証	https://cwe.mitre.org/data/definitions/345.html
3	CWE-697	不適切な比較	https://cwe.mitre.org/data/definitions/697.html