HIGH🇬🇧 English

CVE-2026-25731

CVSS 7.8v3.1pub. 2026-02-06upd. 2026-02-17

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Calibre Ebook Calibre

    APP
    Calibre-Ebook
    < 9.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-26064CRITICAL9.3PL ✓ten sam produkt

Path Traversal w Calibre umożliwiający zapis plików i RCE (Windows)

CVE-2026-26065CRITICAL9.3PL ✓ten sam produkt

Path Traversal w Calibre — zapis dowolnych plików przez czytnik PDB

CVE-2011-4124CRITICAL9.8ten sam produkt

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injec...

CVE-2011-4125CRITICAL9.8ten sam produkt

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of u...

CVE-2026-33206HIGH8.2ten sam produkt

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to ...