Critical Alert 3 Active Exploits Detected Today

CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability →
CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability →
CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability →
Powered by CVE Watchtower
×

Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →
Powered by CVE WATCHTOWER
×
June 10, 2026

CVE Watchtower


← Back to CVE List

CVE-2026-23478NVD

Vulnerability Summary

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update(). This vulnerability is fixed in 6.0.7.
Severity Level
CRITICAL(10.0)
Published Date
Jan 13, 2026
Last Modified
Feb 3, 2026
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-602: Unknown/Unlisted Weakness β†—
Refer to the official MITRE database for detailed architectural specifications regarding this weakness.
CVSS v4.0 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone

External References