Cal.com

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Ddos January 15, 2026

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes

Ddos December 8, 2025