Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure

By Declan Murphy, January 29, 2026
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user accounts and sensitive booking data to attackers.

The issues, discovered by Gecko's AI security engineer in Cal.com Cloud, allowed full account takeover of any user and unauthorized access to bookings across organizations, including private meetings and attendee metadata.

Gecko used its AI-augmented static analysis platform to autonomously map Cal.com's codebase, uncovering complex multi-step vulnerability chains in just a few hours: issues that had previously evaded both existing tooling and manual penetration testing.

According to Gecko, this is exactly the class of work they aim to democratize: turning AI-augmented security expertise into something every developer and security team can use to secure software at scale.

The investigation focused on broken access control, a category that continues to dominate real-world application security.

OWASP's 2025 Top 10 reports that 100% of tested applications had some form of broken access control, underscoring how pervasive these issues are even in security-conscious, open-source projects with large contributor communities like Cal.com.

Account Takeover via Organization Signup

The most severe issue was an authentication bypass in the organization signup flow that enabled attackers to hijack existing Cal.com accounts using only an email address and an organization invite link.

An attacker generates a shareable invite link for an organization they own, producing a URL like https://app.cal.com/signup?token=<64-char-hex-token>.

The vulnerability stemmed from three chained logic flaws in the signup process:

1. The usernameCheckForSignup function defaulted to available: true and skipped essential validation for users who were already members of any organization. Instead of rejecting existing verified users, it treated organization members as if their email were free to register, allowing "re-signup" of active accounts.
2. A second validation step only checked for existing users within the attacker's organization scope. The query filtered by organizationId, effectively asking "Does this email exist in my org?" instead of "Does this email exist anywhere?". As a result, verified users in other organizations were incorrectly treated as new.
3. Finally, the signup handler executed a prisma.user.upsert() with where: { email } against a schema in which emails are globally unique. When the two flawed validations passed, this upsert matched the victim's existing record and updated it, overwriting their password hash, setting a new username, marking the email as verified, and reassigning organizationId to the attacker's organization.

In practice, the attack was trivial: an attacker created or used an existing organization, generated an invite link such as https://app.cal.com/signup?token=, and submitted the signup form with the victim's email and a new password.

The signup succeeded, the victim was silently locked out, and the attacker gained full access to the account, including calendar integrations, OAuth tokens, bookings, and API keys. No notification was sent to the victim.

Cal.com fixed this in version 6.0.8 by adding strict user existence validation before processing signups via invite tokens.
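The chain above can be reproduced in miniature without Prisma or Next.js. The following is an added example written for this article, not Cal.com's code: an in-memory user table plays the role of the database, the org-scoped availability check mirrors the flawed query, the global check stands for the kind of validation the 6.0.8 fix adds, and the email-keyed upsert shows why passing the flawed check lets a new signup overwrite an existing row. All records, ids and hashes are constructed.

```javascript
// Constructed sample user table; the email column is treated as globally unique,
// as in Cal.com's schema.
function makeUsers() {
  return [
    { id: 1, email: "victim@example.com", username: "victim",
      passwordHash: "hash-victim", emailVerified: true, organizationId: 10 },
  ];
}

// Flawed check: filters by organizationId, so a verified user in another
// organization looks "new" to the attacker's org.
function emailAvailableOrgScoped(db, email, orgId) {
  return !db.some((u) => u.email === email && u.organizationId === orgId);
}

// Hardened check: the email column is globally unique, so existence must be
// checked globally before an invite-token signup is processed.
function emailAvailableGlobal(db, email) {
  return !db.some((u) => u.email === email);
}

// Models prisma.user.upsert({ where: { email } }): with a unique email column a
// matching row is UPDATED in place rather than a new row being created.
function upsertUserByEmail(db, email, data) {
  const existing = db.find((u) => u.email === email);
  if (existing) return Object.assign(existing, data);
  const created = { id: db.length + 1, email, ...data };
  db.push(created);
  return created;
}

// Invite-token signup handler; `isAvailable` is the existence check under test.
function inviteSignup(db, { email, username, passwordHash, inviteOrgId }, isAvailable) {
  if (!isAvailable(db, email, inviteOrgId)) {
    return { ok: false, reason: "email already registered" };
  }
  const user = upsertUserByEmail(db, email, {
    username, passwordHash, emailVerified: true, organizationId: inviteOrgId,
  });
  return { ok: true, user };
}

// Runs the same signup request against both checks (hypothetical attacker org 42)
// and returns what happened to the pre-existing account in each case.
function compareChecks() {
  const signup = { email: "victim@example.com", username: "new-name",
    passwordHash: "hash-new", inviteOrgId: 42 };
  const flawedDb = makeUsers();
  const flawed = inviteSignup(flawedDb, signup, emailAvailableOrgScoped);
  const fixedDb = makeUsers();
  const fixed = inviteSignup(fixedDb, signup, emailAvailableGlobal);
  return { flawed, flawedVictim: flawedDb[0], fixed, fixedVictim: fixedDb[0] };
}
```

With the org-scoped check the signup "succeeds" and the victim's row (same id) now carries the new password hash and organizationId 42; with the global check the same request is rejected and the row is untouched.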

    Bookings and Calendar Endpoints

A second class of vulnerabilities exposed all booking records and user data via misconfigured API routes and IDOR-style flaws.

Gecko's indexing process identified that Cal.com's API v1 used underscore-prefixed files (_get.ts, _post.ts, _patch.ts, _delete.ts) as internal route handlers.

The main index.ts entry point correctly applied authorization middleware before delegating to these handlers. However, because of how Next.js handled routing, the underscore files were also exposed as direct routes.

By calling these internal routes directly, any authenticated user with a valid v1 API key could bypass the authorization middleware entirely. This allowed reading and deleting bookings platform-wide, exposing:

• Attendee names, emails, and personal details.
• Meeting metadata and calendar records.
• Full booking histories across users and organizations.

The same pattern affected destination calendar endpoints, enabling deletion of any user's destination calendar by ID, silently breaking routing rules and potentially disrupting business workflows.

Cal.com mitigated this by updating its Next.js middleware to explicitly block direct access to internal route handlers such as /_get, /_post, /_patch, /_delete, and /_auth-middleware, returning HTTP 403 for any direct requests to those paths.
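The following is an added, framework-agnostic sketch of that 403 rule, not Cal.com's own middleware. It goes slightly beyond the article's list: besides the five named handlers it refuses any path segment that begins with an underscore, and it normalises percent-encoding and case so that a disguised reference such as %5Fget does not reach a handler that the index route would otherwise have guarded. The request paths in runSamples are constructed.

```javascript
// Internal handler names the article lists; any other "_"-prefixed segment is
// treated the same way (a generalisation, see lead-in).
const INTERNAL_HANDLERS = new Set(["_get", "_post", "_patch", "_delete", "_auth-middleware"]);

// Returns the first path segment that names an internal handler, or null.
// Query string and fragment are ignored; segments are decoded and lower-cased
// before comparison so "%5Fget" and "_GET" are caught as well as "_get".
function internalSegment(pathname) {
  const path = pathname.split(/[?#]/)[0];
  for (const raw of path.split("/")) {
    if (!raw) continue;
    let seg = raw;
    try { seg = decodeURIComponent(raw); } catch { /* keep raw on bad encoding */ }
    seg = seg.toLowerCase();
    if (INTERNAL_HANDLERS.has(seg) || seg.startsWith("_")) return seg;
  }
  return null;
}

// Middleware decision: { status: 403 } for a direct hit on an internal handler,
// otherwise whatever the normal route (index.ts with its own auth) returns.
function guardInternalRoutes(pathname, next) {
  const hit = internalSegment(pathname);
  if (hit !== null) {
    return { status: 403, body: `direct access to internal handler ${hit} is forbidden` };
  }
  return next();
}

// Constructed requests: the public route passes through to the authorised
// handler; direct and disguised references to underscore handlers are refused.
function runSamples() {
  const authorizedRoute = () => ({ status: 200, body: "handled by index.ts with auth" });
  return [
    "/api/bookings",
    "/api/bookings/123",
    "/api/bookings/_get",
    "/api/bookings/%5Fpost",
    "/api/bookings/_DELETE/",
    "/api/_auth-middleware?x=1",
  ].map((p) => ({ path: p, status: guardInternalRoutes(p, authorizedRoute).status }));
}
```

In a real Next.js deployment the same decision would live in middleware.ts and return a 403 response instead of a plain object; the matching logic is what carries over.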

These findings underline how small, localized bugs in authentication and authorization logic can chain into full compromise of accounts and sensitive data.

For Cal.com, the impact ranged from full account takeover, including admins and paid users, to exposure of highly sensitive PII embedded in bookings.

The incident reinforces the need for defense in depth: strict global identity checks, consistent authorization enforcement on every path, and careful handling of framework routing behavior.

It also highlights the role of AI-augmented security tooling. Gecko's AI SAST engine, which builds a semantic index of the codebase and reasons about data flows and business logic, was key in surfacing these complex chains quickly.

Gecko is currently making its platform available in a free preview, inviting developers, vulnerability researchers, and security engineers to experiment with AI-assisted code security and bring this level of analysis into their own pipelines.
