CVE-2026-25731

High CVSS: 7.8

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.

Vendor

Calibre-ebook

Product

Calibre

CWE

CWE-1336

Yayın Tarihi

2026-02-06 21:16:19

Güncelleme

2026-02-17 21:18:56

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-1336 Calibre HIGH Calibre-ebook 2026

Referanslar

https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc

Benzer Kayıtlar

Medium

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

High

CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a p…

Medium

CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Critical

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and…