CVE-2026-33205

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.6.0

Description A Server-Side Request Forgery (SSRF) issue in the 'background-image' endpoint of the web view allows an attacker to perform blind GET requests to arbitrary URLs. This can lead to the exfiltration of information from the ebook sandbox. SSRF is a flaw where an attacker can force a server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

Recommendations Update to version 9.6.0 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-33205

GHSA-4926-V9PX-WV7V

OPENSUSE-SU-2026:10587-1

Affected Products

Calibre

CVE-2026-33205

Weakness Enumeration

Related Identifiers

Affected Products

References · 20