CVE-2026-33205

Medium CVSS: 4.8

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.

Vendor

Calibre-ebook

Product

Calibre

CWE

CWE-918

Yayın Tarihi

2026-03-27 15:16:54

Güncelleme

2026-03-30 20:48:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Calibre MEDIUM Calibre-ebook 2026

Referanslar

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v

Benzer Kayıtlar

High

CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a p…

Medium

CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Medium

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.…

Critical

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and…

Critical

CVE-2026-26064

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and…