Cal Cal.com

4 CVEs affecting Cal Cal.com. Latest disclosed: 2026-01-13. Critical: 2, High: 1.

Top CVEs affecting Cal Cal.com
CVESeverityScorePublishedSummary
CVE-2026-23478Critical9.82026-01-13Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gai…
CVE-2025-66489Critical9.82025-12-03Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a…
CVE-2023-1647High8.82023-03-27Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVE-2023-37919Medium6.52023-07-25Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When ac…