Description
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
Published: 2026-01-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Internal Network Discovery via SSRF
Action: Apply Fix
AI Analysis

Impact

The Librarian's `web_fetch` tool can be abused for internal port scanning. The flaw lets an attacker issue GET requests that the application forwards to arbitrary internal IP addresses and ports. This server-side request forgery (CWE-918) can be used to probe the internal network, revealing services and configurations deployed in the Hetzner cloud infrastructure that the application relies on. Such reconnaissance can expose internal services that might later be targeted for credential theft or further attacks.

Affected Systems

All versions of TheLibrarian.io that include the vulnerable web_fetch tool are affected. The vendor has fixed the issue in all affected releases.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: reachable over the network with no privileges or user interaction, high confidentiality impact, no integrity or availability impact), yet the EPSS score of less than 1% indicates a low expected probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker only needs to invoke the web_fetch endpoint with crafted parameters; no additional privileges are required. Exploitation grants internal network visibility but does not by itself provide code execution or data exfiltration.

Generated by OpenCVE AI on April 18, 2026 at 16:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest patched release of TheLibrarian that addresses the web_fetch SSRF flaw.
  • Enforce firewall or NAT rules that block outbound traffic from web_fetch to internal networks, limiting the scope of the SSRF.
  • Restrict access to the web_fetch endpoint by implementing authentication or role-based controls, ensuring only authorized users can invoke the function.
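The outbound-filter mitigation above can also be enforced inside the fetch tool itself. As an added example (not TheLibrarian's own code; the function names and the sample addresses are assumptions), this Python check resolves a requested URL's host and refuses any target that maps to a non-public address, which is the application-level counterpart of the firewall rule:

```python
# Defensive destination check for a server-side fetch tool (added example,
# hypothetical names; not TheLibrarian's code). A CWE-918 fix must reject
# internal targets *after* resolving the host, or a public hostname that
# resolves to an internal address slips through.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(host):
    """Resolve a hostname to all of its IPv4/IPv6 addresses (empty if unknown)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_public_address(addr_str):
    """True only for globally routable unicast addresses.

    is_global is False for RFC 1918, loopback, link-local (169.254/16, where
    cloud metadata services live), CGNAT, ULA, test nets and the unspecified
    address; multicast is excluded explicitly."""
    addr = ipaddress.ip_address(addr_str)
    return addr.is_global and not addr.is_multicast


def check_fetch_target(url, resolver=resolve_host):
    """Return (allowed, detail) for a URL the fetch tool was asked to retrieve.

    `resolver` is injectable so the check runs without DNS in tests. Callers
    should connect to one of the returned addresses (keeping the original Host
    header) instead of re-resolving, and re-run this check on every redirect;
    otherwise DNS rebinding or a redirect can still reach an internal service."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: no DNS needed
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        return False, f"cannot resolve {host!r}"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, ",".join(addrs)
```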

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 17:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Thelibrarian the Librarian
Weaknesses | - | CWE-918
CPEs | - | cpe:2.3:a:thelibrarian:the_librarian:-:*:*:*:*:*:*:*
Vendors & Products | - | Thelibrarian the Librarian

Mon, 19 Jan 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Thelibrarian; Thelibrarian thelibrarian
Vendors & Products | - | Thelibrarian; Thelibrarian thelibrarian

Fri, 16 Jan 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics (cvssV3_1) | - | {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics (ssvc) | - | {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 Jan 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | - | The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
Title | - | CVE-2026-0613
References | - | (empty)

MITRE

Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2026-01-16T21:41:53.497Z
Reserved: 2026-01-05T17:40:07.817Z
Link: CVE-2026-0613

Vulnrichment

Updated: 2026-01-16T21:41:46.800Z

NVD

Status: Analyzed
Published: 2026-01-16T13:16:11.780
Modified: 2026-01-23T17:00:11.283
Link: CVE-2026-0613

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z

Weaknesses