CVE-2026-25731
Published: 2026-02-06
Priority: P3 · 43 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.24% (15.1st percentile)
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibre-ebook | calibre | < 9.2.0 | 9.2.0 |
| debian | calibre | < calibre 9.2.0+ds+~0.10.5-1 (forky) | calibre 9.2.0+ds+~0.10.5-1 (forky) |
| kovidgoyal | calibre | < 9.2.0 | 9.2.0 |
| kovidgoyal | calibre | >= 0 < 9.2.0+ds+~0.10.5-1 | 9.2.0+ds+~0.10.5-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
Red Hat
calibre: Calibre: Arbitrary Code Execution via malicious custom template file during ebook conversion
vendor_redhat · 2026-02-06 · CVSS 7.8 · HIGH · CWE-917
A flaw was found in Calibre, an e-book manager. This Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows an attacker to achieve arbitrary code execution. This occurs when a user converts an ebook using a specially crafted malicious custom template file, provided via the --template-html or --templat
Debian
CVE-2026-25731: calibre - calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (...
vendor_debian · 2026 · CVSS 7.8 · HIGH
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 9.2.0+ds+~0.10.5-1)
sid: resolved (fixed in 9.2.0+ds+~0.10.5-1)
trixie: open
OSV
CVE-2026-25731: calibre is an e-book manager
osv · 2026-02-06 · CVSS 7.8 · HIGH
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-25731 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.8 · HIGH
CVE-2026-25731: NixOS vulnerability analysis and mitigation
Source: NVD
Score: 7.8
Published February 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:calibre-ebook:calibre
cali
Bugzilla
CVE-2026-25731 calibre: Calibre: Arbitrary Code Execution via malicious custom template file during ebook conversion [fedora-42]
bugzilla · 2026-02-09 · CVSS 7.8 · HIGH
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in