CVE-2026-25636
published 2026-02-06


Priority: P344 (high)
CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.21% (11.1th percentile)
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the calibre process. During conversion, calibre resolves the CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when the resolved path points outside the conversion extraction directory. The attack requires the victim to convert the crafted EPUB (UI:R) and is limited to files the calibre process can already write; it does not by itself yield code execution. This vulnerability is fixed in 9.2.0.
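The following is an added illustration, not calibre's own code and not taken from the fix in 9.2.0. It parses a constructed META-INF/encryption.xml, shows the unsafe "join and normalise" resolution that lets a ../ chain leave the extraction directory, and beside it a hardened resolver that decodes the URI, rejects absolute and scheme-prefixed forms, and requires the realpath to remain under the extraction directory. The extraction directory path, the sample XML and the function names are assumptions for the example; the example stops at path resolution and does not open any file.

```python
import os
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed sample of META-INF/encryption.xml (not from a real EPUB). The
# first CipherReference URI climbs out of the container; the second is an
# ordinary in-container reference such as an obfuscated font.
SAMPLE_ENCRYPTION_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<encryption xmlns="urn:oasis:names:tc:opendocument:xmlns:container"
            xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
  <enc:EncryptedData>
    <enc:CipherData>
      <enc:CipherReference URI="../../../../home/user/.bashrc"/>
    </enc:CipherData>
  </enc:EncryptedData>
  <enc:EncryptedData>
    <enc:CipherData>
      <enc:CipherReference URI="OEBPS/fonts/font.otf"/>
    </enc:CipherData>
  </enc:EncryptedData>
</encryption>
"""

XENC_NS = "{http://www.w3.org/2001/04/xmlenc#}"


def cipher_reference_uris(xml_bytes):
    """Return every CipherReference URI in an encryption.xml document, in order."""
    root = ET.fromstring(xml_bytes)
    return [el.get("URI") for el in root.iter(XENC_NS + "CipherReference") if el.get("URI")]


def resolve_unsafely(extract_dir, uri):
    """Join and normalise with no containment check (the pattern the advisory
    describes). A '../' chain walks straight out of extract_dir."""
    return os.path.normpath(os.path.join(extract_dir, unquote(uri)))


def resolve_safely(extract_dir, uri):
    """Resolve a container-relative URI; return the absolute path only if it
    stays inside extract_dir, otherwise None."""
    base = os.path.realpath(extract_dir)
    rel = unquote(uri)  # percent-encoded '..' must be decoded before checking
    # Never valid as a container-relative reference: empty, NUL, backslashes,
    # absolute paths, or a scheme/drive prefix ('file:', 'C:') in the first segment.
    if (not rel or "\x00" in rel or "\\" in rel or rel.startswith("/")
            or ":" in rel.split("/", 1)[0]):
        return None
    candidate = os.path.realpath(os.path.join(base, rel))
    try:
        # realpath on both sides so symlinks cannot be used to dodge the check.
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    return candidate


def partition_cipher_references(extract_dir, xml_bytes):
    """Split the URIs in encryption.xml into (accepted absolute paths, rejected URIs)."""
    accepted, rejected = [], []
    for uri in cipher_reference_uris(xml_bytes):
        path = resolve_safely(extract_dir, uri)
        if path is None:
            rejected.append(uri)
        else:
            accepted.append(path)
    return accepted, rejected


if __name__ == "__main__":
    extract_dir = "/tmp/calibre_extract"  # assumed extraction directory
    for uri in cipher_reference_uris(SAMPLE_ENCRYPTION_XML):
        print(f"{uri!r}: unsafe -> {resolve_unsafely(extract_dir, uri)}; "
              f"safe -> {resolve_safely(extract_dir, uri)}")
```

The containment test is done after realpath on both the base and the candidate so that a symlink inside the extraction directory cannot redirect a seemingly in-container path elsewhere; the explicit prefix checks are there because commonpath alone says nothing about absolute or scheme-prefixed URIs on every platform.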

Affected

4 ranges

Vendor         Product   Version range                                  Fixed in
calibre-ebook  calibre   < 9.2.0                                        9.2.0
debian         calibre   < calibre 9.2.0+ds+~0.10.5-1 (forky)           calibre 9.2.0+ds+~0.10.5-1 (forky)
kovidgoyal     calibre   < 9.2.0                                        9.2.0
kovidgoyal     calibre   >= 0, < 9.2.0+ds+~0.10.5-1                     9.2.0+ds+~0.10.5-1

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv                     7.8    HIGH
vendor_debian           8.2    HIGH
vendor_redhat           8.2    HIGH