Calcom Cal.com
3 CVEs affecting Calcom Cal.com. Latest disclosed: 2026-01-13. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-23478 | Critical | 9.8 | 2026-01-13 | Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gai… |
CVE-2025-66489 | Critical | 9.8 | 2025-12-03 | Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a… |
CVE-2023-37919 | Medium | 6.5 | 2023-07-25 | Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When ac… |