Cal.com, an open-source scheduling platform and developer-friendly various to Calendly, not too long ago patched a set of crucial vulnerabilities that uncovered consumer accounts and delicate reserving knowledge to attackers.
The issues, found by Gecko’s AI safety engineer in Cal.com Cloud, allowed full account takeover for any consumer and unauthorized entry to bookings throughout organizations, together with personal conferences and attendee metadata.
Gecko used its AI-augmented static evaluation platform to autonomously map Cal.com’s codebase, uncovering advanced multi-step vulnerability chains in only a few hours points that had beforehand evaded each present tooling and handbook penetration testing.
In line with Gecko, that is precisely the category of labor they intention to democratize: turning AI-augmented safety experience into one thing each developer and safety crew can use to safe software program at scale.
The investigation centered on damaged entry management, a class that continues to dominate real-world software safety.
OWASP’s 2025 Prime 10 stories that 100% of examined purposes had some type of damaged entry management, underscoring how pervasive these points are even in security-conscious, open-source tasks with giant contributor communities like Cal.com.
Account Takeover by way of Group
Essentially the most extreme problem was an authentication bypass within the group signup circulation that enabled attackers to hijack present Cal.com accounts utilizing solely an electronic mail tackle and a company invite hyperlink.
An attacker generates a shareable invite hyperlink for a company they personal, producing a URL like https://app.cal.com/signup?token=<64-char-hex-token>.
The vulnerability stemmed from three chained logic flaws within the signup course of:
- The
usernameCheckForSignupoperate defaulted toobtainable: trueand skipped crucial validation for customers who had been already members of any group. As a substitute of rejecting present verified customers, it handled group members as if their electronic mail had been free to register, permitting “re-signup” of lively accounts. - A second validation step solely checked for present customers inside the attacker’s group scope. The question filtered by
organizationId, asking successfully, “Does this electronic mail exist in my org?” as a substitute of worldwide. In consequence, verified customers in different organizations had been incorrectly handled as new. - Lastly, the signup handler executed a
prisma.consumer.upsert()withthe place: { electronic mail }towards a schema the place emails are globally distinctive. When the 2 flawed validations handed, this upsert matched the sufferer’s present file and up to date it, overwriting their password hash, setting a brand new username, marking the e-mail as verified, and reassigningorganizationIdto the attacker’s group.
In observe, the assault was trivial: an attacker created or used an present group, generated an invitation hyperlink resembling https://app.cal.com/signup?token=, and submitted the signup type with the sufferer’s electronic mail and a brand new password.
The signup succeeded, the sufferer was silently locked out, and the attacker gained full entry to the account, together with calendar integrations, OAuth tokens, bookings, and API keys. No notification was despatched to the sufferer.
Cal.com fastened this in model 6.0.8 by including strict consumer existence validation earlier than processing signups by way of invite tokens.
Bookings and Calendar Endpoints
A second class of vulnerabilities uncovered all reserving information and consumer knowledge by way of misconfigured API routes and IDOR-style flaws.
Gecko’s indexing course of recognized that Cal.com’s API v1 used underscore-prefixed information (_get.ts, _post.ts, _patch.ts, _delete.ts) as inner route handlers.
The primary index.ts entry level accurately utilized authorization middleware earlier than delegating to those handlers. Nevertheless, resulting from how Subsequent.js dealt with routing, the underscore information had been additionally uncovered as direct routes.
By instantly calling these inner routes, any authenticated consumer with a legitimate v1 API key may bypass the authorization middleware fully. This allowed studying and deleting bookings platform-wide, exposing:
- Attendee names, emails, and private particulars.
- Assembly metadata and calendar info.
- Full reserving histories throughout customers and organizations.
The identical sample affected vacation spot calendar endpoints, enabling deletion of any consumer’s vacation spot calendar by ID, silently breaking routing guidelines and doubtlessly disrupting enterprise workflows.
Cal.com mitigated this by updating its Subsequent.js middleware to explicitly block direct entry to inner route handlers resembling /_get, /_post, /_patch, /_delete, and /_auth-middleware, returning HTTP 403 for any direct requests to those paths.
These findings underline how small, localized bugs in authentication and authorization logic can chain into full compromise of accounts and delicate knowledge.
For Cal.com, the affect reached from full account takeover together with admins and paid customers to publicity of extremely delicate PII embedded in bookings.
The incident reinforces the necessity for protection in depth: strict world id checks, constant authorization enforcement on each path, and cautious dealing with of framework routing conduct.
It additionally highlights the position of AI-augmented safety tooling. Gecko’s AI SAST engine, which builds a semantic index of the codebase and causes about knowledge flows and enterprise logic, was key in surfacing these advanced chains shortly.
Gecko is at the moment making its platform obtainable in a free preview, inviting builders, vulnerability researchers, and safety engineers to experiment with AI-assisted code safety and convey this stage of study into their very own pipelines.
Observe us on Google Information, LinkedIn, and X to Get Prompt Updates and Set GBH as a Most well-liked Supply in Google.
