Calibre-Ebook Calibre vulnerabilities

17 known vulnerabilities affecting calibre-ebook/calibre.

Total CVEs: 17
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 5

Vulnerabilities

CVE-2026-33206 | HIGH | CVSS 8.2 | CWE-23 | fixed in 9.6.0 | 2026-03-27 | source: NVD
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre's handling of images in Markdown and other similar text-based files, allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missi
CVE-2026-33205 | MEDIUM | CVSS 4.8 | CWE-918 | fixed in 9.6.0 | 2026-03-27 | source: NVD
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook
CVE-2026-30853 | HIGH | CVSS 8.2 | fixed in 9.5.0 | 2026-03-13 | sources: NVD, OSV
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This
CVE-2026-27824 | MEDIUM | CVSS 5.3 | CWE-307 | fixed in 9.4.0 | 2026-02-27 | source: NVD
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X-Forwarded-For` header is read directly from the HTTP request without a
CVE-2026-27810 | MEDIUM | CVSS 6.4 | CWE-113 | fixed in 9.4.0 | 2026-02-27 | source: NVD
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the
CVE-2026-26064 | CRITICAL | CVSS 9.3 | CWE-22 | fixed in 9.3.0 | 2026-02-20 | source: NVD
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on
CVE-2026-26065 | CRITICAL | CVSS 9.3 | CWE-22 | fixed in 9.3.0 | 2026-02-20 | source: NVD
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files
CVE-2026-25731 | HIGH | CVSS 7.8 | CWE-1336 | fixed in 9.2.0 | 2026-02-06 | source: NVD
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
CVE-2026-25636 | HIGH | CVSS 7.8 | CWE-22 | fixed in 9.2.0 | 2026-02-06 | source: NVD
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves the CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write m
CVE-2026-25635 | HIGH | CVSS 8.6 | CWE-22 | fixed in 9.2.0 | 2026-02-06 | source: NVD
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerabili
CVE-2024-6781 | HIGH | CVSS 7.5 | CWE-22 | PoC | ≤ 7.14.0 | 2024-08-06 | source: NVD
Path traversal in Calibre <= 7.14.0 allows unauthenticated attackers to achieve arbitrary file read.
CVE-2024-7009 | HIGH | CVSS 7.1 | CWE-89 | ≤ 7.15.0 | 2024-08-06 | source: NVD
Unsanitized user input in Calibre <= 7.15.0 allows users with permission to perform full-text searches to achieve SQL injection on the SQLite database.
CVE-2024-7008 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | ≤ 7.15.0 | 2024-08-06 | source: NVD
Unsanitized user input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting.
CVE-2023-46303 | HIGH | CVSS 7.5 | CWE-918 | fixed in 6.19.0 | 2023-10-22 | sources: NVD, OSV
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVE-2021-44686 | HIGH | CVSS 7.5 | CWE-400 | fixed in 5.32.0 | 2021-12-07 | sources: NVD, OSV
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
CVE-2018-7889 | HIGH | CVSS 7.8 | CWE-502 | v3.18.0 | 2018-03-08 | sources: NVD, OSV
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
CVE-2016-10187 | MEDIUM | CVSS 5.5 | CWE-264 | ≤ 2.74.0 | 2017-03-16 | sources: NVD, OSV
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.