CVE-2026-25636

High CVSS: 8.2

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.

Vendor

Calibre-ebook

Product

Calibre

CWE

CWE-22

Yayın Tarihi

2026-02-06 21:16:18

Güncelleme

2026-02-17 21:23:11

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Calibre HIGH Calibre-ebook 2026

Referanslar

https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29 https://0x5t.raptx.org/posts/calibre-epub-rce

Benzer Kayıtlar

Medium

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

High

CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a p…

Medium

CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Critical

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and…