Threats Tagged 'cve-2026-27824'
View all threats tagged with 'cve-2026-27824'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-27824'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-27824: CWE-307: Improper Restriction of Excessive Authentication Attempts in kovidgoyal calibreCVE-2026-27824 0 calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X-Forwarded-For` header is read directly from the HTTP request without any validation or trusted-proxy configuration, an attacker can bypass IP-based bans by simply changing or adding this header, rendering the brute-force protection completely ineffective. This is particularly dangerous for calibre servers exposed to the internet, where brute-force protection is the primary defense against credential stuffing and password guessing attacks. Version 9.4.0 contains a fix for the issue. Join the discussion | CVE Database V5 | 02/27/2026, 19:46:07 UTC Added: 02/27/2026, 19:56:11 UTC |
Showing 1 to 1 of 1 result