CVE-2026-26065
Published: 2026-02-20
Priority: P3 57 · Severity: high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.52% (40.2nd percentile)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibre-ebook | calibre | < 9.5.0 | 9.5.0 |
| calibre-ebook | calibre | < 9.3.0 | 9.3.0 |
| calibre-ebook | calibre | >= 0 < 9.5.0+ds+~0.10.5-1 | 9.5.0+ds+~0.10.5-1 |
| debian | calibre | < calibre 9.5.0+ds+~0.10.5-1 (forky) | calibre 9.5.0+ds+~0.10.5-1 (forky) |
| debian | calibre | < calibre 9.3.0+ds+~0.10.5-1 (forky) | calibre 9.3.0+ds+~0.10.5-1 (forky) |
| kovidgoyal | calibre | < 9.5.0 | 9.5.0 |
| kovidgoyal | calibre | >= 0 < 9.3.0+ds+~0.10.5-1 | 9.3.0+ds+~0.10.5-1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | | 9.3 | CRITICAL | |
| vendor_debian | | 9.3 | CRITICAL | |
| vendor_redhat | | 9.3 | CRITICAL | |
Red Hat
CVE-2026-30853 [CRITICAL] CWE-22 calibre: Calibre: Arbitrary file write via crafted RocketBook (.rb) file
vendor_redhat · 2026-03-13 · CVSS 9.3
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0.
A flaw was found in Calibre, an e-book manager. A path traversal vulnerability in the RocketBook (.rb) input plugin allows an attacker to write arbitrary files to any location accessible by the Calibre process.
Debian
CVE-2026-30853 [CRITICAL] calibre - calibre is a cross-platform e-book manager for viewing, converting, editing, and...
vendor_debian · 2026 · CVSS 9.3
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 9.5.0+ds+~0.10.5-1)
sid: resolved (fixed in 9.5.0+ds+~0.10.5-1)
trixie: open
Debian
CVE-2026-26065 [CRITICAL] calibre - calibre is a cross-platform e-book manager for viewing, converting, editing, and...
vendor_debian · 2026 · CVSS 9.3
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 9.3.0+ds+~0.10.5-1)
sid: resolved (fixed in 9.3.0+ds+~0.10.5-1)
trixie: open
OSV
CVE-2026-30853 [CRITICAL] calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books
osv · 2026-03-13 · CVSS 9.3
OSV
CVE-2026-26065 [CRITICAL] calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books
osv · 2026-02-20 · CVSS 9.3
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-30853 [CRITICAL] CVE-2026-30853 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.3
CVE-2026-30853: NixOS vulnerability analysis and mitigation
Source: NVD
Score: 8.2
Published: March 13, 2026
Severity: HIGH
CNA Score: 5.0
Affected Technologies: NixOS, Homebrew
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Da
Wiz
CVE-2026-26065 [CRITICAL] CVE-2026-26065 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.3
CVE-2026-26065: NixOS vulnerability analysis and mitigation
Source: NVD
Score: 9.3
Published: February 20, 2026
Severity: CRITICAL
CNA Score: 9.3
Affected Technologies: NixOS, Homebrew
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CIS