漏洞描述
Cal.com 在 3.1.6 至 6.0.7 之前版本中,其自定义 NextAuth JWT 回调逻辑存在身份认证绕过漏洞,攻击者可通过调用 session.update() 并构造目标用户的邮箱地址,直接获取任意用户的完整登录会话权限,从而实现账户接管。
Cal.com /api/auth/session 权限绕过漏洞(CVE-2026-23478)
PoC代码
暂无相关漏洞推荐
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2025-9808: The Events Calendar <= 6.15.2 - Information Disclosure
- POC wp-the-events-calendar-fpd: WordPress The Events Calendar - Full Path Disclosure
- POC wp-caldera-forms-xss: Caldera Forms <= 1.5.4 - Cross-Site Scripting
- 天锐绿盾审批系统 endCallback fastjson 反序列化漏洞
- POC CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
- POC 快普M6 /WebService/SeatManageService.asmx/GetCallInfo SQL 注入漏洞
- POC 金和OA CallSystemShow.aspx SQL注入漏洞
- POC CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
- POC CVE-2012-4242: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
- POC CVE-2015-2196: WordPress Spider Calendar <=1.4.9 - SQL Injection
- POC CVE-2018-19207: WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option
- POC CVE-2019-15713: WordPress My Calendar <= 3.1.9 - Cross-Site Scripting