PT-2026-20989 · Calibre · Calibre

0X5T · Published 2026-02-20 · Updated 2026-04-21 · CVE-2026-26065

CVSS v4.0: 9.3 (Critical)

Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: calibre versions 9.2.1 and below

Description: calibre is a cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are susceptible to a Path Traversal issue through PDB readers, specifically both 132-byte and 202-byte header variants. This allows for arbitrary file writes with arbitrary extensions and content in locations where the user has write permissions. Files are written in 'wb' mode, which silently overwrites existing files. This can potentially lead to code execution and Denial of Service through file corruption.

Recommendations: Update to version 9.3.0 or later.
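
For code that extracts files named by an untrusted container, the two conditions in the description (a name that escapes the output directory, and 'wb' overwriting what is already there) can both be closed at the write site. The following is an added example, not calibre's code or its 9.3.0 fix; it assumes the output name is read from the file being parsed, and the function names and sample names are hypothetical and constructed.

```python
import os
import tempfile

class UnsafeNameError(ValueError):
    """An embedded name would resolve outside the output directory."""

def resolve_inside(output_dir, embedded_name):
    """Return an absolute path for embedded_name that lies under output_dir."""
    base = os.path.realpath(output_dir)
    # Normalise separators so a name built for one OS is caught on another.
    name = embedded_name.replace("\\", "/")
    if not name or "\x00" in name or ":" in name or name.startswith("/"):
        raise UnsafeNameError(embedded_name)
    candidate = os.path.realpath(os.path.join(base, *name.split("/")))
    # Reject anything that escapes base after ".." and symlinks are resolved.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafeNameError(embedded_name)
    return candidate

def write_embedded(output_dir, embedded_name, data):
    """Write data under output_dir, refusing traversal and overwrites."""
    target = resolve_inside(output_dir, embedded_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # "xb" raises FileExistsError where "wb" would silently replace the file.
    with open(target, "xb") as fh:
        fh.write(data)
    return target

def demo():
    """Feed constructed names through the writer and return each outcome."""
    names = ["images/cover.png", "../outside.txt", "/abs/outside.txt",
             "..\\..\\outside.txt", "images/cover.png"]
    outcomes = []
    with tempfile.TemporaryDirectory() as out:
        for name in names:
            try:
                write_embedded(out, name, b"constructed sample bytes")
                outcomes.append("written")
            except UnsafeNameError:
                outcomes.append("rejected")
            except FileExistsError:
                outcomes.append("exists")
    return outcomes

if __name__ == "__main__":
    print(demo())
```

The second write of the same in-directory name fails instead of replacing the first, which is the behaviour 'wb' does not give.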

Exploit

Fix

DoS

Path traversal

Weakness Enumeration

Related identifiers

BDU:2026-04348
CVE-2026-26065
GHSA-VMFH-7MR7-PP2W
OPENSUSE-SU-2026:10587-1

Affected products

Calibre