CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Cal: >> Cal.com >> 5.9.15 Security Vulnerabilities

CVE-2026-23478

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update(). This vulnerability is fixed in 6.0.7.

CVSS Score

10.0

EPSS Score

0.001

Published

2026-01-13

Page 1

Vulnerabilities

Vulnerable Software

Cal: >> Cal.com >> 5.9.15 Security Vulnerabilities

Products

Pricing

Contact Us