Cyber Posture

CVE-2026-0612

Severity: High
Published: 16 January 2026
Modified: 23 January 2026
KEV Added: not listed
Patch: vendor fix available
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0001 (3.2nd percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-0612 is a high-severity information leakage vulnerability in The Librarian (vendor: Thelibrarian); no CWE has been assigned. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Proxy (T1090). EPSS ranks it at the 3.2nd percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Proxy (T1090) and Exploit Public-Facing Application (T1190).
Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1090 Proxy (Command and Control)
Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability directly provides arbitrary outbound request proxying through The Librarian's infrastructure (enabling T1090), and it is reachable remotely, without authentication, through a public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Librarian contains an information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions of TheLibrarian.

Deeper analysis

CVE-2026-0612 is an information leakage vulnerability in The Librarian, specifically within its `web_fetch` tool. The tool retrieves arbitrary external content from a URL the attacker controls, so the attacker can route requests through The Librarian's infrastructure: the pattern commonly classified as server-side request forgery (SSRF), here exposed by an LLM tool that fetches web content on the model's behalf. According to the CVE description, the vendor has fixed the vulnerability in all versions of TheLibrarian.

The vulnerability is exploitable remotely over the network by an unauthenticated attacker, with low attack complexity and no user interaction, as encoded in its CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base score 7.5). The impact is to confidentiality only (C:H): an attacker can use the fetch path to read content that The Librarian's infrastructure can reach, or to bypass network restrictions by proxying arbitrary requests through it, with the attacker's own origin hidden behind the service.

The vendor has addressed the issue in all versions of TheLibrarian, as stated in the CVE description. Additional details are available on the vendor's site at https://thelibrarian.io/ and in a related advisory blog post at http://mindgard.ai/blog/thelibrarian-ios-ai-security-. Since the fix is described as covering all versions rather than a specific release, practitioners should confirm with the vendor that the deployment they rely on is covered, and should treat any LLM tool that fetches attacker-supplied URLs as an SSRF surface that needs destination validation and egress controls.
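The class of flaw described above, a tool that fetches attacker-supplied URLs and thereby acts as a proxy for requests into or out of the operator's network, is conventionally mitigated by validating the destination before connecting, and the same check can be replayed over logged fetch targets to detect abuse after the fact. The following Python is an added example written for this page; it is not The Librarian's code and does not reflect the vendor's actual fix, which is not described here. The hostnames, the IP table and the log lines are constructed so the example runs offline; a production version would resolve via socket.getaddrinfo and re-run the check on every redirect hop.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, List, Optional
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. The hostnames
# under .corp and .test are hypothetical: "intranet.corp" models an internal
# host and "rebind.attacker.test" models a DNS-rebinding domain that answers
# with one public and one link-local (cloud metadata) address.
FAKE_DNS: dict[str, list[str]] = {
    "example.org": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    "rebind.attacker.test": ["93.184.216.34", "169.254.169.254"],
}

Resolver = Callable[[str], List[str]]


def fake_resolve(host: str) -> list[str]:
    """Offline resolver; in production replace with socket.getaddrinfo."""
    return FAKE_DNS.get(host.lower(), [])


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    pinned_ip: Optional[str] = None  # connect here, not via a second DNS lookup


def is_public(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True only for routable public unicast. Rejects RFC 1918, loopback,
    link-local (including 169.254.169.254 cloud metadata), CGNAT, multicast,
    reserved and unspecified ranges, and unwraps IPv4-mapped IPv6 first."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not (
        ip.is_multicast or ip.is_reserved or ip.is_loopback or ip.is_link_local
    )


def validate_fetch_url(url: str, resolve: Resolver = fake_resolve) -> Decision:
    """Decide whether a web_fetch-style tool may connect to `url`."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return Decision(False, f"scheme {parts.scheme!r} not allowed")
    if "@" in parts.netloc:
        return Decision(False, "userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        return Decision(False, "missing host")
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP, including [::1]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except ValueError:
            return Decision(False, f"resolver returned a non-address for {host}")
        if not addrs:
            return Decision(False, f"{host} does not resolve")
    # Every record must be public: one internal record is enough for a
    # DNS-rebinding attacker to steer the fetch inside the network.
    for ip in addrs:
        if not is_public(ip):
            return Decision(False, f"{host} resolves to non-public {ip}")
    return Decision(True, "ok", pinned_ip=str(addrs[0]))


LOG_LINE = re.compile(r"tool=web_fetch\s+url=(\S+)")


def audit_tool_log(lines: list[str], resolve: Resolver = fake_resolve) -> list[tuple[str, str]]:
    """Detection side: replay logged web_fetch targets through the validator
    and return (url, reason) for every call that should have been blocked."""
    flagged: list[tuple[str, str]] = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        decision = validate_fetch_url(m.group(1), resolve)
        if not decision.allowed:
            flagged.append((m.group(1), decision.reason))
    return flagged


# Constructed sample tool-call log (not real The Librarian telemetry).
SAMPLE_LOG = [
    "2026-01-16T10:00:01Z tool=web_fetch url=https://example.org/article",
    "2026-01-16T10:00:07Z tool=web_fetch url=http://169.254.169.254/latest/meta-data/",
    "2026-01-16T10:00:09Z tool=web_fetch url=http://intranet.corp/wiki",
    "2026-01-16T10:00:12Z tool=web_fetch url=https://rebind.attacker.test/",
    "2026-01-16T10:00:15Z tool=summarize doc=42",
]

if __name__ == "__main__":
    for url, reason in audit_tool_log(SAMPLE_LOG):
        print(f"BLOCK {url}: {reason}")
```

Two edge cases are worth noting. A hostname with one public and one link-local record (the rebinding case) is rejected because every resolved address must be public, and the decision carries the resolved address so the fetcher can connect to that IP with the original Host header instead of performing a second lookup that an attacker could answer differently. Redirects are a third path to the same problem: a public site can answer 302 with an internal address, so the validator must run again on every hop before the client follows it.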

Details

CWE(s)

Not specified.

Affected Products

Vendor: thelibrarian
Product: the librarian
Versions: all versions

CVEs Like This One

CVE-2026-0616 (same product: Thelibrarian The Librarian)
CVE-2026-0613 (same product: Thelibrarian The Librarian)
CVE-2026-0615 (same product: Thelibrarian The Librarian)

References

https://thelibrarian.io/
http://mindgard.ai/blog/thelibrarian-ios-ai-security-