CVE-2026-25731 (GCVE-0-2026-25731)
Vulnerability from cvelistv5 – Published: 2026-02-06 20:14 – Updated: 2026-02-06 21:02
Title
Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export
Summary
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kovidgoyal/calibre/security/ad… | x_refsource_CONFIRM |
| https://github.com/kovidgoyal/calibre/commit/f064… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| kovidgoyal | calibre | Affected: < 9.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25731",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T21:01:31.473045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T21:02:01.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre\u0027s Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T20:14:35.822Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379"
}
],
"source": {
"advisory": "GHSA-xrh9-w7qx-3gcc",
"discovery": "UNKNOWN"
},
"title": "Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25731",
"datePublished": "2026-02-06T20:14:35.822Z",
"dateReserved": "2026-02-05T16:48:00.427Z",
"dateUpdated": "2026-02-06T21:02:01.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25731",
"date": "2026-06-17",
"epss": "0.00269",
"percentile": "0.1828"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25731\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-06T21:16:19.457\",\"lastModified\":\"2026-02-17T21:18:56.893\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre\u0027s Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.\"},{\"lang\":\"es\",\"value\":\"calibre es un gestor de libros electr\u00f3nicos. Antes de la versi\u00f3n 9.2.0, una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor (SSTI) en el motor de plantillas Templite de Calibre permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando un usuario convierte un libro electr\u00f3nico utilizando un archivo de plantilla personalizado malicioso a trav\u00e9s de las opciones de l\u00ednea de comandos --template-html o --template-html-index. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 9.2.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1336\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.0\",\"matchCriteriaId\":\"264BDA56-70BE-4FCE-96AD-7F9D1BA0FB54\"}]}]}],\"references\":[{\"url\":\"https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25731\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-06T21:01:31.473045Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T21:01:51.273Z\"}}], \"cna\": {\"title\": \"Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export\", \"source\": {\"advisory\": \"GHSA-xrh9-w7qx-3gcc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"kovidgoyal\", \"product\": \"calibre\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 9.2.0\"}]}], \"references\": [{\"url\": \"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc\", \"name\": \"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379\", \"name\": \"https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre\u0027s Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1336\", \"description\": \"CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-06T20:14:35.822Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25731\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-06T21:02:01.147Z\", \"dateReserved\": \"2026-02-05T16:48:00.427Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-06T20:14:35.822Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-25731
Vulnerability from fkie_nvd - Published: 2026-02-06 21:16 - Updated: 2026-06-17 10:25
Severity
Summary
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| calibre-ebook | calibre | * |
{
"affected": [
{
"affectedData": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*",
"matchCriteriaId": "264BDA56-70BE-4FCE-96AD-7F9D1BA0FB54",
"versionEndExcluding": "9.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre\u0027s Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."
},
{
"lang": "es",
"value": "calibre es un gestor de libros electr\u00f3nicos. Antes de la versi\u00f3n 9.2.0, una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor (SSTI) en el motor de plantillas Templite de Calibre permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando un usuario convierte un libro electr\u00f3nico utilizando un archivo de plantilla personalizado malicioso a trav\u00e9s de las opciones de l\u00ednea de comandos --template-html o --template-html-index. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 9.2.0."
}
],
"id": "CVE-2026-25731",
"lastModified": "2026-06-17T10:25:07.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-25731",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T21:01:31.473045Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-02-06T21:16:19.457",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1336"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2026:10587-1
Vulnerability from csaf_opensuse - Published: 2026-04-21 00:00 - Updated: 2026-04-21 00:00
Summary
calibre-9.7.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: calibre-9.7.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the calibre-9.7.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10587
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "calibre-9.7.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the calibre-9.7.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10587",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10587-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25635 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25636 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25731 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26064 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26065 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27810 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27824 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-30853 page",
"url": "https://www.suse.com/security/cve/CVE-2026-30853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33205 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33206 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33206/"
}
],
"title": "calibre-9.7.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-04-21T00:00:00Z",
"generator": {
"date": "2026-04-21T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10587-1",
"initial_release_date": "2026-04-21T00:00:00Z",
"revision_history": [
{
"date": "2026-04-21T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "calibre-9.7.0-1.1.aarch64",
"product": {
"name": "calibre-9.7.0-1.1.aarch64",
"product_id": "calibre-9.7.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "calibre-9.7.0-1.1.ppc64le",
"product": {
"name": "calibre-9.7.0-1.1.ppc64le",
"product_id": "calibre-9.7.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "calibre-9.7.0-1.1.s390x",
"product": {
"name": "calibre-9.7.0-1.1.s390x",
"product_id": "calibre-9.7.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "calibre-9.7.0-1.1.x86_64",
"product": {
"name": "calibre-9.7.0-1.1.x86_64",
"product_id": "calibre-9.7.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "calibre-9.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64"
},
"product_reference": "calibre-9.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "calibre-9.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le"
},
"product_reference": "calibre-9.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "calibre-9.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x"
},
"product_reference": "calibre-9.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "calibre-9.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
},
"product_reference": "calibre-9.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25635"
}
],
"notes": [
{
"category": "general",
"text": "calibre is an e-book manager. Prior to 9.2.0, Calibre\u0027s CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven\u0027t tested on other OS\u0027s), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25635",
"url": "https://www.suse.com/security/cve/CVE-2026-25635"
},
{
"category": "external",
"summary": "SUSE Bug 1257885 for CVE-2026-25635",
"url": "https://bugzilla.suse.com/1257885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25635"
},
{
"cve": "CVE-2026-25636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25636"
}
],
"notes": [
{
"category": "general",
"text": "calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre\u0027s EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25636",
"url": "https://www.suse.com/security/cve/CVE-2026-25636"
},
{
"category": "external",
"summary": "SUSE Bug 1257886 for CVE-2026-25636",
"url": "https://bugzilla.suse.com/1257886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25636"
},
{
"cve": "CVE-2026-25731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25731"
}
],
"notes": [
{
"category": "general",
"text": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre\u0027s Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25731",
"url": "https://www.suse.com/security/cve/CVE-2026-25731"
},
{
"category": "external",
"summary": "SUSE Bug 1257879 for CVE-2026-25731",
"url": "https://bugzilla.suse.com/1257879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25731"
},
{
"cve": "CVE-2026-26064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26064"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith(\u0027Pictures\u0027), and does not sanitize \u0027..\u0027 sequences. calibre\u0027s own ZipFile.extractall() in utils/zipfile.py does sanitize \u0027..\u0027 via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26064",
"url": "https://www.suse.com/security/cve/CVE-2026-26064"
},
{
"category": "external",
"summary": "SUSE Bug 1258529 for CVE-2026-26064",
"url": "https://bugzilla.suse.com/1258529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26064"
},
{
"cve": "CVE-2026-26065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26065"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in \u0027wb\u0027 mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26065",
"url": "https://www.suse.com/security/cve/CVE-2026-26065"
},
{
"category": "external",
"summary": "SUSE Bug 1258530 for CVE-2026-26065",
"url": "https://bugzilla.suse.com/1258530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26065"
},
{
"cve": "CVE-2026-27810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27810"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27810",
"url": "https://www.suse.com/security/cve/CVE-2026-27810"
},
{
"category": "external",
"summary": "SUSE Bug 1259042 for CVE-2026-27810",
"url": "https://bugzilla.suse.com/1259042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-27810"
},
{
"cve": "CVE-2026-27824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27824"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server\u0027s brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X-Forwarded-For` header is read directly from the HTTP request without any validation or trusted-proxy configuration, an attacker can bypass IP-based bans by simply changing or adding this header, rendering the brute-force protection completely ineffective. This is particularly dangerous for calibre servers exposed to the internet, where brute-force protection is the primary defense against credential stuffing and password guessing attacks. Version 9.4.0 contains a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27824",
"url": "https://www.suse.com/security/cve/CVE-2026-27824"
},
{
"category": "external",
"summary": "SUSE Bug 1259043 for CVE-2026-27824",
"url": "https://bugzilla.suse.com/1259043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-27824"
},
{
"cve": "CVE-2026-30853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-30853"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-30853",
"url": "https://www.suse.com/security/cve/CVE-2026-30853"
},
{
"category": "external",
"summary": "SUSE Bug 1259688 for CVE-2026-30853",
"url": "https://bugzilla.suse.com/1259688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-30853"
},
{
"cve": "CVE-2026-33205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33205"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader\u0027s web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33205",
"url": "https://www.suse.com/security/cve/CVE-2026-33205"
},
{
"category": "external",
"summary": "SUSE Bug 1260987 for CVE-2026-33205",
"url": "https://bugzilla.suse.com/1260987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33205"
},
{
"cve": "CVE-2026-33206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33206"
}
],
"notes": [
{
"category": "general",
"text": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre\u0027 handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33206",
"url": "https://www.suse.com/security/cve/CVE-2026-33206"
},
{
"category": "external",
"summary": "SUSE Bug 1260986 for CVE-2026-33206",
"url": "https://bugzilla.suse.com/1260986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:calibre-9.7.0-1.1.aarch64",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.s390x",
"openSUSE Tumbleweed:calibre-9.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33206"
}
]
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.