PT-2026-20989 · Calibre · Calibre
0X5T
·
Published
2026-02-20
·
Updated
2026-04-21
·
CVE-2026-26065
CVSS v4.0
9.3
Critical
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
calibre versions 9.2.1 and below
Description
calibre is a cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are susceptible to a Path Traversal issue through PDB readers, specifically both 132-byte and 202-byte header variants. This allows for arbitrary file writes with arbitrary extensions and content in locations where the user has write permissions. Files are written in 'wb' mode, which silently overwrites existing files. This can potentially lead to code execution and Denial of Service through file corruption.
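The two defects the description names, a record name that escapes the output directory and a 'wb' write that truncates whatever is already there, can be checked for together before anything touches disk. The following is an added illustration, not calibre's own code; `safe_target`, `write_record` and `run_demo` are hypothetical helpers, and the record names are constructed samples of what a malformed PDB header could carry.

```python
import tempfile
from pathlib import Path

# Constructed sample record names (not taken from calibre or the advisory).
SAMPLE_NAMES = [
    "chapter1.html",          # ordinary name, stays inside the output dir
    "images/cover.jpg",       # nested name, also fine
    "../../.bashrc",          # plain traversal
    "/etc/passwd",            # absolute name, would discard the base dir
    "sub/../../escape.txt",   # escapes only after normalisation
]

def safe_target(out_dir, name):
    """Resolve `name` under `out_dir`; return None if it would land outside."""
    base = Path(out_dir).resolve()
    if Path(name).is_absolute():
        return None
    # resolve() follows existing symlinks, so a link inside out_dir that
    # points elsewhere is caught as well as '..' components.
    target = (base / name).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None
    return target

def write_record(out_dir, name, data):
    """Write one record; refuse traversal and never silently overwrite."""
    target = safe_target(out_dir, name)
    if target is None:
        return False
    target.parent.mkdir(parents=True, exist_ok=True)
    try:
        # 'xb' fails if the file exists, unlike 'wb' which truncates it.
        with open(target, "xb") as fh:
            fh.write(data)
    except FileExistsError:
        return False
    return True

def run_demo():
    """Classify the sample names and exercise the overwrite guard in a temp dir."""
    out = tempfile.mkdtemp()
    verdicts = {n: safe_target(out, n) is not None for n in SAMPLE_NAMES}
    first = write_record(out, "chapter1.html", b"<p>one</p>")
    second = write_record(out, "chapter1.html", b"<p>two</p>")   # must be refused
    return verdicts, first, second

if __name__ == "__main__":
    print(run_demo())
```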
Recommendations
Update to version 9.3.0 or later.
Exploit
Fix
DoS
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Calibre