Cyber Resilience

CVE-2026-0615

High

Published: 16 January 2026

Published
16 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0002 6.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0615 is a high-severity an unspecified weakness vulnerability in Thelibrarian The Librarian. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Process Discovery (T1057); ranked at the 6.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-0615 is a vulnerability in TheLibrarian backend where the supervisord status page can be retrieved via the web_fetch tool, exposing information about running processes. This affects TheLibrarian software, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The issue is categorized under NVD-CWE-noinfo.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, authentication, or user interaction. Successful exploitation allows retrieval of running processes within the backend, resulting in low impacts to confidentiality, integrity, and availability.

The vendor has fixed the vulnerability in all affected versions. Additional details are available in the vendor advisory at https://thelibrarian.io/ and a related analysis at http://mindgard.ai/blog/thelibrarian-ios-ai-security-.

EU & UK References

Vulnerability details

The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1057 Process Discovery Discovery
Adversaries may attempt to get information about running processes on a system.
Why these techniques?

Vulnerability directly exposes running process information from supervisord status page via unauthenticated web_fetch access, enabling remote Process Discovery.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0616Same product: Thelibrarian The Librarian
CVE-2026-0613Same product: Thelibrarian The Librarian
CVE-2026-0612Same product: Thelibrarian The Librarian

Affected Assets

thelibrarian
the librarian
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces access control policy so the web_fetch tool cannot retrieve the supervisord status page or any other internal backend resource without explicit authorization.

prevent

Restricts the web_fetch tool to only the minimum privileges required, preventing it from reaching sensitive process-status endpoints.

prevent

Applies boundary-protection mechanisms that block external or untrusted tool access to internal management interfaces such as supervisord.

References