Description

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.

Related CPE's

a

thelibrarian

the_librarian

-

Vulnerable

References

https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure

Third Party Advisory

https://thelibrarian.io/

Product

Weaknesses

[email protected]

Primary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-16T13:16:11.780Z

1 month ago

Last modified

2026-01-23T17:00:11.283Z

4 weeks ago