PT-2026-28474 · Calibre · Calibre

Emilvirkki · Published 2026-03-27 · Updated 2026-04-21 · CVE-2026-33206

CVSS v4.0: 8.2 (High)

Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: calibre versions prior to 9.6.0

Description: A path traversal issue exists in the handling of images within Markdown and similar text-based files, which allows an attacker to include arbitrary files from the file system into a converted book. Furthermore, the 'background-image' endpoint in the ebook reader web view lacks authentication and is susceptible to server-side request forgery (SSRF), a flaw where the server is tricked into making unintended requests, enabling the exfiltration of files without further interaction.

Recommendations: Update to version 9.6.0.
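The first flaw in the description is the classic shape of a conversion-time path traversal: an image reference inside the input document is joined to a directory and read without checking that the result still lies inside that directory. The following is an added example, not calibre's code or its fix, showing the containment check a converter should apply before pulling a referenced image into the output book. The regex, the `resolve_image_reference`/`collect_images` helpers and the sample Markdown are all constructed for this illustration; the check resolves symlinks and `..` segments first and then requires the result to be relative to the book's own directory.

```python
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Constructed minimal matcher for Markdown image syntax ![alt](target).
IMAGE_RE = re.compile(r"!\[[^\]]*\]\(([^)\s]+)\)")


def resolve_image_reference(base_dir: Path, ref: str) -> Optional[Path]:
    """Return the on-disk path an image reference may be read from, or None if it must be rejected."""
    # Only plain relative filesystem references are acceptable: no URLs,
    # no absolute POSIX paths, no Windows drive letters.
    if "://" in ref or ref.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", ref):
        return None
    base = base_dir.resolve()
    # resolve() collapses '..' segments and follows symlinks, so a link that
    # points outside the book directory is caught as well as '../' hops.
    candidate = (base / ref).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None  # escaped the book's directory
    return candidate


def collect_images(base_dir: Path, markdown: str) -> Tuple[List[Path], List[str]]:
    """Split image references in a Markdown document into resolvable paths and rejected references."""
    allowed: List[Path] = []
    rejected: List[str] = []
    for ref in IMAGE_RE.findall(markdown):
        path = resolve_image_reference(base_dir, ref)
        if path is None:
            rejected.append(ref)
        else:
            allowed.append(path)
    return allowed, rejected


def demo() -> Tuple[List[str], List[str]]:
    """Run the check over a constructed book directory and Markdown sample."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside.txt"
        outside.write_text("not part of the book")          # constructed file outside the book
        book = Path(tmp) / "book"
        (book / "images").mkdir(parents=True)
        (book / "images" / "cover.png").write_bytes(b"\x89PNG")
        try:
            (book / "images" / "link.png").symlink_to(outside)  # symlink escaping the book dir
        except OSError:
            pass  # symlink creation unavailable on this platform; that case is simply skipped
        markdown = (
            "![Cover](images/cover.png)\n"
            "![Dot-dot escape](../outside.txt)\n"
            "![Absolute](/abs/outside.txt)\n"
            "![URL](file:///tmp/outside.txt)\n"
            "![Symlink](images/link.png)\n"
        )
        allowed, rejected = collect_images(book, markdown)
        base = book.resolve()
        return [p.relative_to(base).as_posix() for p in allowed], rejected


if __name__ == "__main__":
    ok, bad = demo()
    print("allowed:", ok)
    print("rejected:", bad)
```

Note that the check is applied to the fully resolved path, not to the string in the document: rejecting `..` textually would miss symlinks and encoded variants, whereas `relative_to` on the resolved path rejects anything whose final location is outside the base directory. The second flaw in the description, an unauthenticated web endpoint that fetches arbitrary targets, calls for a different control (authentication on the endpoint and restricting what it may fetch) and is not covered by this snippet.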

Exploit

Fix

Weakness Enumeration

Relative Path Traversal

Related Identifiers

CVE-2026-33206
GHSA-H3P4-M74F-43G6
OPENSUSE-SU-2026:10587-1

Affected Products

Calibre