Koha Vulnerabilities
Comprehensive security vulnerability database for Koha products
1
0
0
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-26377 | 5.4 | This vulnerability allows an attacker to run harmful code on a Koha system by exploiting the News function, which could lead to unauthorized actions or data theft. To take advantage of this, the attacker needs to trick a user into clicking on a malicious link while using the affected version of Koha. | kohakoha | Theoretical | about 1 month agoMar 5, 2026 |
About Koha Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Koha products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.