Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre's handling of images in Markdown and other similar text-based files, allowing an attacker to include arbitrary files from the file system in the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint of the ebook reader web view allow the included files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.
Published: 2026-03-27
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: Unauthorized File Disclosure
Action: Immediate Patch
AI Analysis

Impact

Calibre, a cross‑platform e‑book manager, suffers from a path traversal flaw in its handling of images referenced within Markdown and similar text files. An attacker can craft an input that causes the conversion process to read arbitrary files from the file system and embed them in the resulting book. In addition, the ebook reader web view provides a background‑image endpoint that lacks authentication and is vulnerable to server‑side request forgery, enabling the exfiltration of the included files without further interaction.
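As an added illustration (this is not calibre's code; the helper names and the sample Markdown references are constructed), the following Python shows the containment check a converter needs for this class of flaw (CWE-23): every image reference is resolved against the directory of the source document and rejected if it escapes that directory through `..` segments, percent-encoded dots, an absolute path or a symlink, or if it is a remote URL that the converter should never fetch.

```python
"""Confine Markdown image references to the source document's directory.

Added example, not calibre's code.  Assumed/constructed: the helper names,
the sample Markdown and the temporary book directory built in demo().
"""
from pathlib import Path
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit
import re
import tempfile

# Matches the target of Markdown image syntax: ![alt](target)
MD_IMAGE_RE = re.compile(r"!\[[^\]]*\]\(([^)\s]+)")


def extract_image_refs(markdown: str) -> List[str]:
    """Return the raw image targets found in a Markdown string."""
    return MD_IMAGE_RE.findall(markdown)


def resolve_local_image(ref: str, base_dir: Path) -> Optional[Path]:
    """Resolve ref against base_dir; return the real file path only if it
    stays inside base_dir, otherwise None (reference rejected)."""
    parts = urlsplit(ref)
    if parts.scheme:                       # http:, https:, file:, data:, ...
        return None                        # never fetched by the converter
    raw = unquote(parts.path)              # decode %2e%2e before path logic
    if not raw or Path(raw).is_absolute():
        return None
    root = base_dir.resolve()
    candidate = (root / raw).resolve()     # collapses '..' and follows symlinks
    try:
        candidate.relative_to(root)        # must still be under the book dir
    except ValueError:
        return None
    if not candidate.is_file():
        return None
    return candidate


def classify_refs(markdown: str, base_dir: Path) -> Dict[str, str]:
    """Map each image reference to 'ok' or 'rejected'."""
    verdict: Dict[str, str] = {}
    for ref in extract_image_refs(markdown):
        verdict[ref] = "ok" if resolve_local_image(ref, base_dir) else "rejected"
    return verdict


# Constructed sample input mixing legitimate and escaping references.
SAMPLE_MARKDOWN = """# Chapter 1
![cover](cover.png)
![figure](images/fig1.png)
![traversal](../../etc/passwd)
![absolute](/etc/hostname)
![encoded](%2e%2e/%2e%2e/etc/passwd)
![remote](https://example.invalid/img.png)
"""


def demo() -> Dict[str, str]:
    """Build a throwaway book directory with two real images and classify
    the sample references against it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "book"
        (base / "images").mkdir(parents=True)
        (base / "cover.png").write_bytes(b"\x89PNG constructed")
        (base / "images" / "fig1.png").write_bytes(b"\x89PNG constructed")
        return classify_refs(SAMPLE_MARKDOWN, base)


if __name__ == "__main__":
    for ref, verdict in demo().items():
        print(f"{verdict:8} {ref}")
```

The order of checks matters: decoding happens before the absolute-path and containment tests, and `resolve()` is applied to both the root and the candidate so that symlinked temp directories and symlinks planted inside the book directory are compared on their real paths.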

Affected Systems

The affected product is the Calibre e‑book manager developed by Kovid Goyal. All releases prior to version 9.6.0 are vulnerable. This includes versions 9.5.x and earlier, as the fix was introduced in 9.6.0.

Risk and Exploitability

The CVSS score of 8.2 indicates a high-severity vulnerability. No EPSS score is available and the flaw is absent from CISA’s KEV catalog, but neither lowers the risk: attackers can exploit the flaw remotely by providing a malicious file for conversion or by interacting with the unprotected web view endpoint. The attack vector is inferred to be remote, given the web component and the ability to supply arbitrary file references. Successful exploitation compromises confidentiality by exposing sensitive files stored on the host system.

Generated by OpenCVE AI on March 27, 2026 at 15:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Calibre to version 9.6.0 or later.
  • If an upgrade is not immediately feasible, restrict users from converting Markdown or other text files that reference external images, and consider disabling or securing the background‑image endpoint in the ebook reader web view.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 15:15:00 +0000

Type: Metrics
Values removed: none
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 14:30:00 +0000

Type: Description
Values removed: none
Values added: calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.

Type: Title
Values removed: none
Values added: calibre has a path traversal vulnerability

Type: Weaknesses
Values removed: none
Values added: CWE-23

Type: References (no values listed)

Type: Metrics
Values removed: none
Values added: cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T14:48:44.155Z

Reserved: 2026-03-17T23:23:58.312Z

Link: CVE-2026-33206

Vulnrichment

Updated: 2026-03-27T14:48:29.828Z

NVD

Status : Received

Published: 2026-03-27T15:16:54.453

Modified: 2026-03-27T15:16:54.453

Link: CVE-2026-33206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:28:48Z

Weaknesses