PT-2026-6788 · Calibre · Calibre

0X5T

Published

2026-02-06

Updated

2026-04-21

CVE-2026-25636

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions calibre versions 9.1.0 and earlier

Description calibre is an e-book manager. A path traversal flaw exists in the EPUB conversion process. A crafted EPUB file can potentially corrupt existing files that the calibre process has write access to. During conversion, calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even if the path is outside the designated conversion directory. The vulnerability involves resolving a URI to a filesystem path and opening it in read-write mode.

Recommendations Update to version 9.2.0 or later.

Exploit

Fix

Path traversal

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-94CWE-73

Related Identifiers

CVE-2026-25636

GHSA-8R26-M7J5-HM29

OPENSUSE-SU-2026:10587-1

Affected Products

Calibre

PT-2026-6788 · Calibre · Calibre

CVE-2026-25636

Weakness Enumeration

Related Identifiers

Affected Products

References · 28