{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","type":"deb","namespace":"debian","name":"calibre","version":"6.13.0+repack-2+deb12u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.13.0+repack-2+deb12u6","latest_non_vulnerable_version":"8.16.2+ds+~0.10.5-3~bpo13+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97078?format=json","vulnerability_id":"VCID-2w1b-b6qm-4qhf","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33205","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02107","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02119","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02207","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02155","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02172","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02767","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02784","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02793","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05373","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33205"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v","reference_id":"GHSA-4926-v9px-wv7v","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T18:57:50Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/585348?format=json","purl":"pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-1"}],"aliases":["CVE-2026-33205"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w1b-b6qm-4qhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97030?format=json","vulnerability_id":"VCID-bjj5-ynf7-v7aa","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26065","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11454","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11413","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11246","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11247","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11374","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11513","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11382","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13301","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14433","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1419","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1434","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26065"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8","reference_id":"b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:41:04Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w","reference_id":"GHSA-vmfh-7mr7-pp2w","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:41:04Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-26065"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjj5-ynf7-v7aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97079?format=json","vulnerability_id":"VCID-dywq-dzuv-wka2","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33206","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01601","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01589","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01603","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01693","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01701","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01616","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01625","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01611","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01602","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0208","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02077","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02127","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0455","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33206"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-h3p4-m74f-43g6","reference_id":"GHSA-h3p4-m74f-43g6","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:48:39Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-h3p4-m74f-43g6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/585348?format=json","purl":"pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-1"}],"aliases":["CVE-2026-33206"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dywq-dzuv-wka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97047?format=json","vulnerability_id":"VCID-hgmk-8s7s-tfdb","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27810","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16231","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16228","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16186","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16523","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16463","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16448","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16346","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16283","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16303","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16338","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17583","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27810"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw","reference_id":"GHSA-5fpj-fxw7-8grw","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T12:53:21Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-27810"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgmk-8s7s-tfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64674?format=json","vulnerability_id":"VCID-jwpx-aqjh-dqej","summary":"calibre: Calibre: Remote Code Execution via path traversal in CHM reader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25635.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25635","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24087","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2417","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24069","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24043","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23986","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26115","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26254","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26194","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26119","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26064","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33053","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437936","reference_id":"2437936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437936"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9","reference_id":"9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:48Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr","reference_id":"GHSA-32vh-whvh-9fxr","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:48Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-25635"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwpx-aqjh-dqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64271?format=json","vulnerability_id":"VCID-mqmp-g7uy-gbg4","summary":"calibre: Calibre: Arbitrary file write via crafted RocketBook (.rb) file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30853.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30853.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30853","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0217","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02151","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02171","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02154","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02672","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05207","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07408","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07254","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07479","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07271","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07243","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30853"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447437","reference_id":"2447437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447437"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x","reference_id":"GHSA-7mp7-rfrg-542x","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T19:42:19Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-30853"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqmp-g7uy-gbg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97049?format=json","vulnerability_id":"VCID-nj3z-4ya4-bqf7","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X-Forwarded-For` header is read directly from the HTTP request without any validation or trusted-proxy configuration, an attacker can bypass IP-based bans by simply changing or adding this header, rendering the brute-force protection completely ineffective. This is particularly dangerous for calibre servers exposed to the internet, where brute-force protection is the primary defense against credential stuffing and password guessing attacks. Version 9.4.0 contains a fix for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27824","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0544","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05368","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05461","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07692","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07679","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07646","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07626","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07722","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07707","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07617","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07756","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08221","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08156","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27824"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw","reference_id":"GHSA-vhxc-r7v8-2xrw","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T12:54:19Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-27824"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nj3z-4ya4-bqf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64675?format=json","vulnerability_id":"VCID-vq4p-dvg4-eudz","summary":"calibre: Calibre: Arbitrary file corruption via path traversal in EPUB conversion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25636","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06031","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06014","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07143","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07085","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07192","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07162","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07169","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07298","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07379","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437730","reference_id":"2437730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437730"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726","reference_id":"9484ea82c6ab226c18e6ca5aa000fa16de598726","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29","reference_id":"GHSA-8r26-m7j5-hm29","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-25636"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq4p-dvg4-eudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97029?format=json","vulnerability_id":"VCID-x63d-4kux-cqcu","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26064","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20787","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20675","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20622","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20608","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20698","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22867","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23999","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23848","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2393","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26064"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62","reference_id":"e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:11Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp","reference_id":"GHSA-72ch-3hqc-pgmp","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:11Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-26064"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x63d-4kux-cqcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64673?format=json","vulnerability_id":"VCID-zhz3-1799-a7hk","summary":"calibre: Calibre: Arbitrary Code Execution via malicious custom template file during ebook conversion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25731.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25731","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01242","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01166","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01177","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01251","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01257","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01246","published_at":"2026-05-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00907","published_at":"2026-04-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00913","published_at":"2026-04-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00898","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00893","published_at":"2026-04-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00895","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00905","published_at":"2026-04-02T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0091","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25731"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437917","reference_id":"2437917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437917"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379","reference_id":"f0649b27512e987b95fcab2e1e0a3bcdafc23379","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-06T21:01:31Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc","reference_id":"GHSA-xrh9-w7qx-3gcc","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-06T21:01:31Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-25731"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhz3-1799-a7hk"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42208?format=json","vulnerability_id":"VCID-4gvv-bsf9-vqca","summary":"Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46303","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68631","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68594","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68438","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68458","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68485","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68501","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68527","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68515","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68523","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68536","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68514","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68563","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68568","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68574","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68552","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46303"},{"reference_url":"https://security.gentoo.org/glsa/202409-04","reference_id":"GLSA-202409-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-04"},{"reference_url":"https://github.com/0x1717/ssrf-via-img","reference_id":"ssrf-via-img","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T13:24:03Z/"}],"url":"https://github.com/0x1717/ssrf-via-img"},{"reference_url":"https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0","reference_id":"v6.18.1...v6.19.0","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T13:24:03Z/"}],"url":"https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"}],"aliases":["CVE-2023-46303"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gvv-bsf9-vqca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96866?format=json","vulnerability_id":"VCID-b3vv-xdp2-7ub8","summary":"calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitrary code execution. This issue is fixed in version 8.14.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64486","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09639","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09668","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.097","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09687","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11892","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11934","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11875","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11844","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11816","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16906","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16849","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64486"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5","reference_id":"6f94bce214bf7d43c829804db3741afa5e83c0c5","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T21:34:15Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g","reference_id":"GHSA-hpwq-c98h-xp8g","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T21:34:15Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"}],"aliases":["CVE-2025-64486"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3vv-xdp2-7ub8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97030?format=json","vulnerability_id":"VCID-bjj5-ynf7-v7aa","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26065","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11454","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11446","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11413","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11246","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11247","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11374","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11513","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11382","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13301","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14433","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1419","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1434","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26065"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8","reference_id":"b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:41:04Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w","reference_id":"GHSA-vmfh-7mr7-pp2w","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:41:04Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-26065"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjj5-ynf7-v7aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95001?format=json","vulnerability_id":"VCID-favj-1bjh-9uff","summary":"calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44686","reference_id":"","reference_type":"","scores":[{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61347","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61424","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61452","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.6147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61485","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61473","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61512","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61517","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61487","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61497","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61449","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61558","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44686"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"}],"aliases":["CVE-2021-44686"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-favj-1bjh-9uff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64674?format=json","vulnerability_id":"VCID-jwpx-aqjh-dqej","summary":"calibre: Calibre: Remote Code Execution via path traversal in CHM reader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25635.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25635","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24087","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2417","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24069","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24043","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23986","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26115","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26254","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26229","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26194","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26119","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26064","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33053","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437936","reference_id":"2437936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437936"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9","reference_id":"9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:48Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr","reference_id":"GHSA-32vh-whvh-9fxr","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:48Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-25635"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwpx-aqjh-dqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64675?format=json","vulnerability_id":"VCID-vq4p-dvg4-eudz","summary":"calibre: Calibre: Arbitrary file corruption via path traversal in EPUB conversion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25636","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06031","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06014","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07143","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07085","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07192","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07162","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07169","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07298","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07379","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437730","reference_id":"2437730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437730"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726","reference_id":"9484ea82c6ab226c18e6ca5aa000fa16de598726","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29","reference_id":"GHSA-8r26-m7j5-hm29","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-25636"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq4p-dvg4-eudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97029?format=json","vulnerability_id":"VCID-x63d-4kux-cqcu","summary":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26064","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20787","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20675","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20622","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20608","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20698","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22867","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23999","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23848","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2393","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26064"},{"reference_url":"https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62","reference_id":"e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:11Z/"}],"url":"https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62"},{"reference_url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp","reference_id":"GHSA-72ch-3hqc-pgmp","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:11Z/"}],"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582435?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2w1b-b6qm-4qhf"},{"vulnerability":"VCID-bjj5-ynf7-v7aa"},{"vulnerability":"VCID-dywq-dzuv-wka2"},{"vulnerability":"VCID-hgmk-8s7s-tfdb"},{"vulnerability":"VCID-jwpx-aqjh-dqej"},{"vulnerability":"VCID-mqmp-g7uy-gbg4"},{"vulnerability":"VCID-nj3z-4ya4-bqf7"},{"vulnerability":"VCID-vq4p-dvg4-eudz"},{"vulnerability":"VCID-x63d-4kux-cqcu"},{"vulnerability":"VCID-zhz3-1799-a7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1089403?format=json","purl":"pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1089404?format=json","purl":"pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582437?format=json","purl":"pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1"}],"aliases":["CVE-2026-26064"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x63d-4kux-cqcu"}],"risk_score":"4.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5"}