Cal.com, an open-source scheduling platform and developer-friendly different to Calendly, not too long ago patched a set of important vulnerabilities that uncovered consumer accounts and delicate reserving information to attackers.
The failings, found by Gecko’s AI safety engineer in Cal.com Cloud, allowed full account takeover for any consumer and unauthorized entry to bookings throughout organizations, together with personal conferences and attendee metadata.
Gecko used its AI-augmented static evaluation platform to autonomously map Cal.com’s codebase, uncovering complicated multi-step vulnerability chains in just some hours points that had beforehand evaded each present tooling and handbook penetration testing.
In response to Gecko, that is precisely the category of labor they intention to democratize: turning AI-augmented safety experience into one thing each developer and safety crew can use to safe software program at scale.
The investigation centered on damaged entry management, a class that continues to dominate real-world utility safety.
OWASP’s 2025 High 10 studies that 100% of examined purposes had some type of damaged entry management, underscoring how pervasive these points are even in security-conscious, open-source initiatives with massive contributor communities like Cal.com.
Account Takeover through Group
Essentially the most extreme situation was an authentication bypass within the group signup movement that enabled attackers to hijack present Cal.com accounts utilizing solely an e-mail handle and a company invite hyperlink.
An attacker generates a shareable invite hyperlink for a company they personal, producing a URL like https://app.cal.com/signup?token=<64-char-hex-token>.
The vulnerability stemmed from three chained logic flaws within the signup course of:
- The
usernameCheckForSignupoperate defaulted toout there: trueand skipped important validation for customers who had been already members of any group. As an alternative of rejecting present verified customers, it handled group members as if their e-mail had been free to register, permitting “re-signup” of energetic accounts. - A second validation step solely checked for present customers inside the attacker’s group scope. The question filtered by
organizationId, asking successfully, “Does this e-mail exist in my org?” as a substitute of worldwide. Because of this, verified customers in different organizations had been incorrectly handled as new. - Lastly, the signup handler executed a
prisma.consumer.upsert()withthe place: { e-mail }towards a schema the place emails are globally distinctive. When the 2 flawed validations handed, this upsert matched the sufferer’s present document and up to date it, overwriting their password hash, setting a brand new username, marking the e-mail as verified, and reassigningorganizationIdto the attacker’s group.
In follow, the assault was trivial: an attacker created or used an present group, generated an invitation hyperlink akin to https://app.cal.com/signup?token=, and submitted the signup kind with the sufferer’s e-mail and a brand new password.
The signup succeeded, the sufferer was silently locked out, and the attacker gained full entry to the account, together with calendar integrations, OAuth tokens, bookings, and API keys. No notification was despatched to the sufferer.
Cal.com fastened this in model 6.0.8 by including strict consumer existence validation earlier than processing signups through invite tokens.
Bookings and Calendar Endpoints
A second class of vulnerabilities uncovered all reserving information and consumer information through misconfigured API routes and IDOR-style flaws.
Gecko’s indexing course of recognized that Cal.com’s API v1 used underscore-prefixed recordsdata (_get.ts, _post.ts, _patch.ts, _delete.ts) as inside route handlers.
The principle index.ts entry level appropriately utilized authorization middleware earlier than delegating to those handlers. Nevertheless, attributable to how Subsequent.js dealt with routing, the underscore recordsdata had been additionally uncovered as direct routes.
By straight calling these inside routes, any authenticated consumer with a legitimate v1 API key may bypass the authorization middleware fully. This allowed studying and deleting bookings platform-wide, exposing:
- Attendee names, emails, and private particulars.
- Assembly metadata and calendar info.
- Full reserving histories throughout customers and organizations.
The identical sample affected vacation spot calendar endpoints, enabling deletion of any consumer’s vacation spot calendar by ID, silently breaking routing guidelines and probably disrupting enterprise workflows.
Cal.com mitigated this by updating its Subsequent.js middleware to explicitly block direct entry to inside route handlers akin to /_get, /_post, /_patch, /_delete, and /_auth-middleware, returning HTTP 403 for any direct requests to those paths.
These findings underline how small, localized bugs in authentication and authorization logic can chain into full compromise of accounts and delicate information.
For Cal.com, the affect reached from full account takeover together with admins and paid customers to publicity of extremely delicate PII embedded in bookings.
The incident reinforces the necessity for protection in depth: strict world id checks, constant authorization enforcement on each path, and cautious dealing with of framework routing conduct.
It additionally highlights the position of AI-augmented safety tooling. Gecko’s AI SAST engine, which builds a semantic index of the codebase and causes about information flows and enterprise logic, was key in surfacing these complicated chains shortly.
Gecko is at the moment making its platform out there in a free preview, inviting builders, vulnerability researchers, and safety engineers to experiment with AI-assisted code safety and produce this degree of research into their very own pipelines.
Observe us on Google Information, LinkedIn, and X to Get Immediate Updates and Set GBH as a Most well-liked Supply in Google.
