CVE-2026-0613

high

Description

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.

References

https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure

https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html

https://kb.cert.org/vuls/id/383552

https://thelibrarian.io/

Details

Source: Mitre, NVD

Published: 2026-01-16

Updated: 2026-01-23

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00031