CVE-2026-0616
Published: 16 January 2026
Summary
CVE-2026-0616 is a high-severity vulnerability, with no specific weakness class assigned, in The Librarian by Thelibrarian. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 3.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
A vulnerability in the public-facing web_fetch tool enables remote, unauthenticated access to the internal Adminer/backend interface, which maps directly to exploitation of a public-facing application.
NVD Description
TheLibrarian's web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.
Deeper analysis (AI)
CVE-2026-0616 is a vulnerability in TheLibrarian software, specifically its web_fetch tool, which allows retrieval of Adminer interface content. This content can then be used to log into the internal TheLibrarian backend system. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network accessibility with low attack complexity, no privileges or user interaction required, and high confidentiality impact.
Remote attackers with network access can exploit this vulnerability without authentication. By using the web_fetch tool, they can obtain the Adminer interface and leverage it to gain unauthorized access to the internal backend system.
The vendor has addressed the vulnerability by fixing it in all affected versions. Additional details are available in the referenced advisories at https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure and https://thelibrarian.io/.
Details
- CWE(s)