PT-2026-6787 · Calibre · Calibre

0X5T

Published: 2026-02-06 · Updated: 2026-04-21

CVE-2026-25635

CVSS v3.1: 8.6 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

calibre versions prior to 9.2.0

Description

calibre is an e-book manager. The CHM reader contains a path traversal flaw that permits arbitrary file writes in locations where the user possesses write access. On Windows operating systems, this can potentially result in Remote Code Execution by writing a malicious payload to the Startup folder, which is then executed upon the next user login.

Recommendations

Update to calibre version 9.2.0.

Exploit

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-25635
GHSA-32VH-WHVH-9FXR
OPENSUSE-SU-2026:10587-1

Affected Products

Calibre