CVE-2026-47202

Vulnerability Description

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.

Vulnerability Details

Published Date

May 26, 2026

Last Modified

May 26, 2026

CWE ID

CWE-287

Source

NVD

Vendor

Kareadita

Product

Kavita

External References

https://github.com/Kareadita/Kavita/releases/tag/v0.9.0.2
https://github.com/Kareadita/Kavita/security/advisories/GHSA-m2v3-fcjh-hm22

CVE-2026-47202

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment