CVE-2026-25635

High CVSS: 8.6

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

Vendor

Calibre-ebook

Product

Calibre

CWE

CWE-22

Yayın Tarihi

2026-02-06 21:16:18

Güncelleme

2026-02-17 21:27:17

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Calibre HIGH Calibre-ebook 2026

Referanslar

https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr https://0x5t.raptx.org/posts/calibre-chm-rce

Benzer Kayıtlar

Medium

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

High

CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a p…

Medium

CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Critical

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and…