A vulnerability has been found in calcom cal.diy up to 4.9.4 and classified as problematic . Impacted is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-9303 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.