Cal.com Broken Access Controls Lead to Account Takeover and Data Exposure

By Admin
January 28, 2026
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user accounts and sensitive booking data to attackers.

The flaws, discovered by Gecko's AI security engineer in Cal.com Cloud, allowed full account takeover of any user and unauthorized access to bookings across organizations, including private meetings and attendee metadata.

Gecko used its AI-augmented static analysis platform to autonomously map Cal.com's codebase, uncovering complex multi-step vulnerability chains in just a few hours, issues that had previously evaded both existing tooling and manual penetration testing.

According to Gecko, this is exactly the class of work they aim to democratize: turning AI-augmented security expertise into something every developer and security team can use to secure software at scale.

The investigation focused on broken access control, a category that continues to dominate real-world application security.

OWASP's 2025 Top 10 reports that 100% of tested applications had some form of broken access control, underscoring how pervasive these issues are even in security-conscious, open-source projects with large contributor communities like Cal.com.

Account Takeover via Organization

The most severe issue was an authentication bypass in the organization signup flow that enabled attackers to hijack existing Cal.com accounts using only an email address and an organization invite link.

An attacker generates a shareable invite link for an organization they own, producing a URL like https://app.cal.com/signup?token=<64-char-hex-token>.

The vulnerability stemmed from three chained logic flaws in the signup process:

  1. The usernameCheckForSignup function defaulted to available: true and skipped critical validation for users who were already members of any organization. Instead of rejecting existing verified users, it treated organization members as if their email were free to register, allowing "re-signup" of active accounts.
  2. A second validation step only checked for existing users within the attacker's organization scope. The query filtered by organizationId, effectively asking "Does this email exist in my org?" instead of checking globally. As a result, verified users in other organizations were incorrectly treated as new.
  3. Finally, the signup handler executed a prisma.user.upsert() with where: { email } against a schema where emails are globally unique. When the two flawed validations passed, this upsert matched the victim's existing record and updated it, overwriting their password hash, setting a new username, marking the email as verified, and reassigning organizationId to the attacker's organization.

In practice, the attack was trivial: an attacker created or used an existing organization, generated an invite link such as https://app.cal.com/signup?token=, and submitted the signup form with the victim's email and a new password.

The signup succeeded, the victim was silently locked out, and the attacker gained full access to the account, including calendar integrations, OAuth tokens, bookings, and API keys. No notification was sent to the victim.

Cal.com fixed this in version 6.0.8 by adding strict user existence validation before processing signups via invite tokens.
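The following is an added example, not Cal.com's code, that models the chain above with an in-memory store: an org-scoped existence check lets an upsert keyed on a globally unique email overwrite another organization's user, while a global check rejects the signup. UserStore, signupViaInvite and the sample records are hypothetical; only the upsert-on-email semantics mirror what the article describes.

```typescript
// Added example (not Cal.com's code). The store stands in for the
// users table, keyed on email because emails are globally unique.
interface User {
  email: string;
  username: string;
  passwordHash: string; // constructed placeholder values in tests
  emailVerified: boolean;
  organizationId: number | null;
}

type Scope = "org" | "global";

class UserStore {
  private users = new Map<string, User>();

  get(email: string): User | undefined {
    return this.users.get(email);
  }

  // "org" reproduces the flawed query (filtered by organizationId);
  // "global" is the hardened check: any existing user blocks signup.
  emailTaken(email: string, scope: Scope, organizationId: number): boolean {
    const u = this.users.get(email);
    if (!u) return false;
    return scope === "global" ? true : u.organizationId === organizationId;
  }

  // Mirrors upsert({ where: { email } }): create when missing, otherwise
  // replace the matched record (password hash, username, org, verified).
  upsertByEmail(data: User): User {
    this.users.set(data.email, data);
    return data;
  }
}

// Invite-token signup handler (hypothetical). With scope "org" a victim
// from another org passes validation and their record is overwritten.
function signupViaInvite(
  store: UserStore, scope: Scope, inviteOrgId: number,
  email: string, username: string, passwordHash: string,
): "created" | "rejected" | "overwrote-existing" {
  const existing = store.get(email);
  if (store.emailTaken(email, scope, inviteOrgId)) return "rejected";
  store.upsertByEmail({ email, username, passwordHash,
    emailVerified: true, organizationId: inviteOrgId });
  return existing ? "overwrote-existing" : "created";
}
```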

Bookings and Calendar Endpoints

A second class of vulnerabilities exposed all booking data and user information via misconfigured API routes and IDOR-style flaws.

Gecko's indexing process identified that Cal.com's API v1 used underscore-prefixed files (_get.ts, _post.ts, _patch.ts, _delete.ts) as internal route handlers.

The main index.ts entry point correctly applied authorization middleware before delegating to these handlers. However, due to how Next.js handled routing, the underscore files were also exposed as direct routes.

By calling these internal routes directly, any authenticated user with a valid v1 API key could bypass the authorization middleware entirely. This allowed reading and deleting bookings platform-wide, exposing:

  • Attendee names, emails, and personal details.
  • Meeting metadata and calendar information.
  • Full booking histories across users and organizations.

The same pattern affected destination calendar endpoints, enabling deletion of any user's destination calendar by ID, silently breaking routing rules and potentially disrupting business workflows.

Cal.com mitigated this by updating its Next.js middleware to explicitly block direct access to internal route handlers such as /_get, /_post, /_patch, /_delete, and /_auth-middleware, returning HTTP 403 for any direct requests to those paths.
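As an added illustration of that mitigation (not Cal.com's own middleware), the helper below decides from a request path whether it targets one of the internal handler segments listed above and returns 403 for direct hits. It normalizes trailing slashes and percent-encoding so an encoded underscore does not slip past the check; decideStatus and middleware are hypothetical names, and the Web-standard Request/Response shapes stand in for next/server.

```typescript
// Added example (not Cal.com's code): block direct requests to
// underscore-prefixed internal route handlers.
const INTERNAL_HANDLER_SEGMENTS = new Set([
  "_get", "_post", "_patch", "_delete", "_auth-middleware",
]);

// Returns 403 when the last path segment names an internal handler,
// 200 (pass-through) otherwise. Trailing slashes and a query string are
// stripped, and the segment is percent-decoded before comparison so
// "/bookings/%5Fget" is treated the same as "/bookings/_get".
function decideStatus(pathname: string): 200 | 403 {
  const path = pathname.split("?")[0].replace(/\/+$/, "");
  const rawLast = path.substring(path.lastIndexOf("/") + 1);
  let last = rawLast;
  try {
    last = decodeURIComponent(rawLast);
  } catch {
    // malformed encoding: keep the raw segment, it cannot match a handler
  }
  return INTERNAL_HANDLER_SEGMENTS.has(last) ? 403 : 200;
}

// Middleware-shaped wrapper (hypothetical). In a real Next.js middleware
// the pass-through branch would return NextResponse.next().
function middleware(req: { url: string }): Response {
  const { pathname } = new URL(req.url);
  if (decideStatus(pathname) === 403) {
    return new Response("Forbidden", { status: 403 });
  }
  return new Response(null, { status: 200 });
}
```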

These findings underline how small, localized bugs in authentication and authorization logic can chain into full compromise of accounts and sensitive data.

For Cal.com, the impact ranged from full account takeover, including admins and paid users, to exposure of highly sensitive PII embedded in bookings.

The incident reinforces the need for defense in depth: strict global identity checks, consistent authorization enforcement on every path, and careful handling of framework routing behavior.

It also highlights the role of AI-augmented security tooling. Gecko's AI SAST engine, which builds a semantic index of the codebase and reasons about data flows and business logic, was key in surfacing these complex chains quickly.

Gecko is currently making its platform available in a free preview, inviting developers, vulnerability researchers, and security engineers to experiment with AI-assisted code security and bring this level of analysis into their own pipelines.
