Known Vulnerabilities for Koha by Koha Community
Listed below are 6 of the newest known vulnerabilities associated with "Koha" by "Koha Community".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-26379 | Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration.... | Not Provided | 2026-06-03 | 2026-06-04 |
| CVE-2026-26378 | Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file uploa... | Not Provided | 2026-06-03 | 2026-06-04 |
| CVE-2026-6428 | SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before... | Not Provided | 2026-06-13 | 2026-06-13 |
| CVE-2024-36058 | The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to ... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2024-36057 | Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code executi... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2022-0495 | The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL... | Not Provided | 2022-09-21 | 2026-05-20 |