CVE-2026-0613

High

Published: 16 January 2026

Published

16 January 2026

Modified

23 January 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0001 3.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0613 is a high-severity SSRF (CWE-918) vulnerability in Thelibrarian The Librarian. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 3.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CA-8 Penetration Testing

addresses: CWE-918

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.

SC-7 Boundary Protection

addresses: CWE-918

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.

SI-10 Information Input Validation

addresses: CWE-918

Validates server-side URLs and resource references to block SSRF attempts.

SI-4 System Monitoring

addresses: CWE-918

Detects server-side request forgery through monitoring of unexpected outbound connections.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1046 Network Service Discovery Discovery

Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

attack.mitre.org →

Why these techniques?

SSRF vuln in public-facing app directly enables exploitation via T1190 and facilitates internal network/port scanning via T1046.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses.…

The vendor has fixed the vulnerability in all affected versions.

Deeper analysisAI

CVE-2026-0613 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting The Librarian software. It stems from the `web_fetch` tool, which enables SSRF-style GET requests to internal IP addresses and services, allowing internal port scanning within the Hetzner cloud environment used by TheLibrarian. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-01-16.

Any unauthenticated attacker with network access can exploit this vulnerability due to its low complexity and lack of required privileges. Successful exploitation allows the attacker to perform port scanning of internal services in the Hetzner cloud, potentially leading to high confidentiality impacts by revealing sensitive internal network details without affecting integrity or availability.

The vendor has addressed the issue by fixing it in all affected versions of The Librarian. Additional details are available in the Mindgard disclosure at https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure and on the vendor site at https://thelibrarian.io/.