Cyber Resilience

CVE-2026-0616

Severity: High
Published: 16 January 2026
Modified: 23 January 2026
KEV Added: not listed
Patch: available (vendor has fixed all affected versions)
CVSS v3.1 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0002 (4.2th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-0616 is a high-severity vulnerability (weakness type unspecified) in The Librarian by Thelibrarian. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 4.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2026-0616 is a vulnerability in TheLibrarian software, specifically its web_fetch tool, which allows retrieval of Adminer interface content. This content can then be used to log into the internal TheLibrarian backend system. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network accessibility with low attack complexity, no privileges or user interaction required, and high confidentiality impact.

Remote attackers with network access can exploit this vulnerability without authentication. By using the web_fetch tool, they can obtain the Adminer interface and leverage it to gain unauthorized access to the internal backend system.

The vendor has addressed the vulnerability by fixing it in all affected versions. Additional details are available in the referenced advisories at https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure and https://thelibrarian.io/.

Vulnerability details

TheLibrarian's web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability in the public-facing web_fetch tool enables remote, unauthenticated access to the internal Adminer/backend interface, which maps directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0613 (same product: Thelibrarian The Librarian)
CVE-2026-0612 (same product: Thelibrarian The Librarian)
CVE-2026-0615 (same product: Thelibrarian The Librarian)

Affected Assets

Vendor: thelibrarian
Product: the librarian
Versions: all versions

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

AC-3 Access Enforcement (prevent): directly enforces access restrictions on the web_fetch tool so it cannot retrieve Adminer interface content that enables unauthenticated login to the internal backend.

AC-4 Information Flow Enforcement (prevent): enforces information-flow rules that block the web_fetch tool from pulling internal Adminer pages and using them to reach the backend system.

Boundary protection (prevent): applies boundary-protection mechanisms to stop external, unauthenticated web_fetch requests from reaching internal Adminer and backend resources.
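As an added, defender-side example that is not part of this record or of TheLibrarian's own code: a destination guard that a web_fetch-style tool can run before every outbound request, implementing the access-enforcement and information-flow intent of the controls above. The policy constants, the resolver hook and the constructed DNS table used to exercise it are assumptions, not details from the advisory.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed policy for the fetch tool: only web schemes, and never an
# Adminer-style database console path, whatever host it sits on.
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_PATH_MARKERS = ("adminer",)


def default_resolver(host):
    """Resolve a hostname to every IP it currently points at."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_fetch_target(url, resolver=default_resolver):
    """Decide whether the fetch tool may request `url`.

    Returns (allowed, reason). Rejects non-web schemes, embedded
    credentials, admin-console paths, and any host that is a literal or
    resolves to a private, loopback, link-local or otherwise non-public
    address, so the tool cannot be steered at internal services.
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if any(marker in parts.path.lower() for marker in BLOCKED_PATH_MARKERS):
        return False, "path points at a database/admin console"
    try:
        addrs = {ipaddress.ip_address(host)}          # literal IP, v4 or v6
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (OSError, ValueError):
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        # ipv4_mapped unwraps ::ffff:10.0.0.1 so the v4 checks apply to it
        candidate = getattr(addr, "ipv4_mapped", None) or addr
        if not candidate.is_global:
            return False, f"{host} -> {addr} is not a public address"
    return True, "ok"
```

Re-run the check on every redirect target and connect to the address that was validated rather than resolving the name a second time; otherwise a redirect or a DNS answer that changes between check and fetch bypasses the guard.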
