Login Sign Up

CVE-2026-0615

7.3 HIGH

📋 TL;DR

This vulnerability allows unauthenticated access to the Librarian supervisord status page via the web_fetch tool, exposing running process information from TheLibrarian backend. It affects systems running vulnerable versions of TheLibrarian software. The vendor has released fixes for all affected versions.

💻 Affected Systems

Products:
  • TheLibrarian
Versions: All versions before vendor fix
Operating Systems: iOS, Likely cross-platform as TheLibrarian appears to be a backend service
Default Config Vulnerable: ⚠️ Yes
Notes: Affects TheLibrarian backend systems with supervisord status page accessible via web_fetch tool.

📦 What is this software?

The Librarian by Thelibrarian

View all CVEs affecting The Librarian →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could map internal processes, identify potential attack surfaces, and use process information to plan further attacks against TheLibrarian backend.

🟠

Likely Case

Information disclosure of running processes, potentially revealing sensitive application details or configuration information.

🟢

If Mitigated

Limited information exposure with no direct code execution or data modification capabilities.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication via web_fetch tool.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gather reconnaissance information about the backend.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation appears straightforward using the web_fetch tool to access the supervisord status page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor has fixed in all affected versions (specific version numbers not provided in references)

Vendor Advisory: https://thelibrarian.io/

Restart Required: Yes

Instructions:

1. Check current TheLibrarian version. 2. Update to latest version from official vendor source. 3. Restart TheLibrarian services. 4. Verify the supervisord status page is no longer accessible via web_fetch.

🔧 Temporary Workarounds

Block web_fetch access to supervisord endpoint

linux

Configure network or application firewall to block access to the supervisord status page from unauthorized sources.

# Example using iptables (adjust port as needed)
# iptables -A INPUT -p tcp --dport 9001 -j DROP

Disable or restrict supervisord web interface

all

Modify supervisord configuration to disable the web interface or restrict it to localhost only.

# Edit /etc/supervisord.conf or equivalent
# Change: [inet_http_server] section
# port=127.0.0.1:9001 (instead of *:9001)

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate TheLibrarian backend from untrusted networks
  • Deploy web application firewall (WAF) rules to block requests to supervisord endpoints

🔍 How to Verify

Check if Vulnerable:

Use web_fetch or curl to attempt accessing the supervisord status page endpoint (typically port 9001) from an external system.

Check Version:

Check TheLibrarian documentation or contact vendor for version checking method.

Verify Fix Applied:

Attempt the same web_fetch/curl command after patching - should receive access denied or connection refused.

📡 Detection & Monitoring

Log Indicators:

  • Access logs showing requests to /supervisor or similar supervisord endpoints from unauthorized IPs
  • Web server logs with 200 OK responses to supervisord status page requests

Network Indicators:

  • Outbound connections to supervisord default port (9001) from external IPs
  • HTTP GET requests to /RPC2 or /supervisor endpoints

SIEM Query:

source="web_logs" AND (uri="/supervisor" OR uri="/RPC2") AND response_code=200

📊 Metadata

CVE ID: CVE-2026-0615
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score: 0.05% exploit probability (15th percentile)
Published: January 16, 2026
Last Updated: January 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON