CVE-2026-0616

high

Description

TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.

References

https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure

https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html

https://kb.cert.org/vuls/id/383552

https://thelibrarian.io/

Details

Source: Mitre, NVD

Published: 2026-01-16

Updated: 2026-01-23

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N