CVE-2026-30853

Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.5.0

Description calibre is an e-book manager used for viewing, converting, editing, and cataloging e-books. A path traversal flaw exists in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py). This allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a specially crafted .rb file. The issue stems from a failure to apply a previous fix for a similar flaw found in the PDB readers.

Recommendations Update to version 9.5.0 or later.