Cyber Resilience

CVE-2026-0613

High

Published: 16 January 2026

Published
16 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 4.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0613 is a high-severity SSRF (CWE-918) vulnerability in Thelibrarian The Librarian. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-0613 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting The Librarian software. It stems from the `web_fetch` tool, which enables SSRF-style GET requests to internal IP addresses and services, allowing internal port scanning within the Hetzner cloud environment used by TheLibrarian. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-01-16.

Any unauthenticated attacker with network access can exploit this vulnerability due to its low complexity and lack of required privileges. Successful exploitation allows the attacker to perform port scanning of internal services in the Hetzner cloud, potentially leading to high confidentiality impacts by revealing sensitive internal network details without affecting integrity or availability.

The vendor has addressed the issue by fixing it in all affected versions of The Librarian. Additional details are available in the Mindgard disclosure at https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure and on the vendor site at https://thelibrarian.io/.

EU & UK References

Vulnerability details

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses.…

more

The vendor has fixed the vulnerability in all affected versions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF vuln in public-facing app directly enables exploitation via T1190 and facilitates internal network/port scanning via T1046.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0616Same product: Thelibrarian The Librarian
CVE-2026-0612Same product: Thelibrarian The Librarian
CVE-2026-0615Same product: Thelibrarian The Librarian
CVE-2024-13924Shared CWE-918
CVE-2026-42860Shared CWE-918
CVE-2025-25785Shared CWE-918
CVE-2024-53705Shared CWE-918
CVE-2026-5418Shared CWE-918
CVE-2026-45082Shared CWE-918
CVE-2026-7065Shared CWE-918

Affected Assets

thelibrarian
the librarian
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates web_fetch inputs (URLs) to reject requests targeting internal IP addresses or services, directly blocking the SSRF vector.

prevent

Enforces boundary controls that deny the application server from initiating outbound connections to internal Hetzner cloud hosts and ports.

prevent

Implements information flow policies that can restrict the web_fetch tool from sending GET requests across security domains to internal resources.

References