Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bjj5-ynf7-v7aa
Summarycalibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.
Aliases
0
alias CVE-2026-26065
Fixed_packages
0
url pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1
purl pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1
1
url pkg:deb/debian/calibre@9.3.0%2Bds%2B~0.10.5-1?distro=trixie
purl pkg:deb/debian/calibre@9.3.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.3.0%252Bds%252B~0.10.5-1%3Fdistro=trixie
2
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie
3
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie
4
url pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-b3vv-xdp2-7ub8
2
vulnerability VCID-bjj5-ynf7-v7aa
3
vulnerability VCID-dywq-dzuv-wka2
4
vulnerability VCID-hgmk-8s7s-tfdb
5
vulnerability VCID-jwpx-aqjh-dqej
6
vulnerability VCID-mqmp-g7uy-gbg4
7
vulnerability VCID-nj3z-4ya4-bqf7
8
vulnerability VCID-vq4p-dvg4-eudz
9
vulnerability VCID-x63d-4kux-cqcu
10
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2
purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-4gvv-bsf9-vqca
2
vulnerability VCID-b3vv-xdp2-7ub8
3
vulnerability VCID-bjj5-ynf7-v7aa
4
vulnerability VCID-dywq-dzuv-wka2
5
vulnerability VCID-favj-1bjh-9uff
6
vulnerability VCID-hgmk-8s7s-tfdb
7
vulnerability VCID-jwpx-aqjh-dqej
8
vulnerability VCID-mqmp-g7uy-gbg4
9
vulnerability VCID-nj3z-4ya4-bqf7
10
vulnerability VCID-vq4p-dvg4-eudz
11
vulnerability VCID-x63d-4kux-cqcu
12
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2
2
url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie
purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5%3Fdistro=trixie
3
url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5
purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5
4
url pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1
purl pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26065
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11374
published_at 2026-04-21T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11384
published_at 2026-04-13T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11246
published_at 2026-04-16T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11247
published_at 2026-04-18T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.11454
published_at 2026-04-02T12:55:00Z
5
value 0.00038
scoring_system epss
scoring_elements 0.11513
published_at 2026-04-04T12:55:00Z
6
value 0.00038
scoring_system epss
scoring_elements 0.113
published_at 2026-04-07T12:55:00Z
7
value 0.00038
scoring_system epss
scoring_elements 0.11382
published_at 2026-04-08T12:55:00Z
8
value 0.00038
scoring_system epss
scoring_elements 0.11441
published_at 2026-04-09T12:55:00Z
9
value 0.00038
scoring_system epss
scoring_elements 0.11446
published_at 2026-04-11T12:55:00Z
10
value 0.00038
scoring_system epss
scoring_elements 0.11413
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26065
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26065
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26065
2
reference_url https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8
reference_id b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:41:04Z/
url https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8
3
reference_url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
reference_id GHSA-vmfh-7mr7-pp2w
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:41:04Z/
url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
Weaknesses
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Exploits
Severity_range_score9.3 - 9.3
Exploitability0.5
Weighted_severity8.4
Risk_score4.2
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bjj5-ynf7-v7aa