VYPR
Critical severityNVD Advisory· Published May 26, 2026· Updated May 26, 2026

CVE-2026-47202

CVE-2026-47202

Description

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Kareadita/Kavitareferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <0.9.0.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.