CVE-2026-0615
Published: 16 January 2026
Summary
CVE-2026-0615 is a high-severity an unspecified weakness vulnerability in Thelibrarian The Librarian. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Process Discovery (T1057); ranked at the 4.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability directly exposes running process information from supervisord status page via unauthenticated web_fetch access, enabling remote Process Discovery.
NVD Description
The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.
Deeper analysisAI
CVE-2026-0615 is a vulnerability in TheLibrarian backend where the supervisord status page can be retrieved via the web_fetch tool, exposing information about running processes. This affects TheLibrarian software, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The issue is categorized under NVD-CWE-noinfo.
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, authentication, or user interaction. Successful exploitation allows retrieval of running processes within the backend, resulting in low impacts to confidentiality, integrity, and availability.
The vendor has fixed the vulnerability in all affected versions. Additional details are available in the vendor advisory at https://thelibrarian.io/ and a related analysis at http://mindgard.ai/blog/thelibrarian-ios-ai-security-.
Details
- CWE(s)