CVE-2026-0613

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

16/01/2026

Last modified:

16/01/2026

Description

The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.

Impact

References to Advisories, Solutions, and Tools

https://mindgard.ai/blog/thelibrarian-ios-ai-security-disclosure
https://thelibrarian.io/