CRITICAL🇵🇱 Wersja polska

CVE-2026-26064

CVSS 9.3v4.0pub. 2026-02-20

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Calibre Ebook Calibre

    APP
    Calibre-Ebook
    < 9.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2026-26065CRITICAL9.3PL ✓ten sam produkt

Path Traversal w Calibre — zapis dowolnych plików przez czytnik PDB

CVE-2011-4124CRITICAL9.8ten sam produkt

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injec...

CVE-2011-4125CRITICAL9.8ten sam produkt

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of u...

CVE-2026-33206HIGH8.2ten sam produkt

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to ...

CVE-2026-25635HIGH8.6ten sam produkt

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability tha...