CVE-2026-23478 | calcom cal.com up to 6.0.6 JWT Call session.update client-side enforcement of server-side security (GHSA-7hg4-x4pr-3hrg)

A vulnerability described as critical has been identified in calcom cal.com up to 6.0.6. This affects the function session.update of the component JWT Call Handler. Such manipulation leads to client-side enforcement of server-side security.

This vulnerability is traded as CVE-2026-23478. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More