Back to CVE List

CVE-2026-33206

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Vulnerability Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-23
Source
NVD
Vendor
kovidgoyal
Product
calibre

External References

Discussion (0)

Add Comment

No comments yet. Be the first!