Skip to main content

Calibre CVE-2026-25636

HIGH
Path Traversal (CWE-22)
2026-02-06 security-advisories@github.com
Path Traversal Calibre Red Hat Suse
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.2 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 17, 2026 - 21:23 vuln.today
Public exploit code
Patch released
Feb 17, 2026 - 21:23 nvd
Patch available
CVE Published
Feb 06, 2026 - 21:16 nvd
HIGH 8.2

DescriptionGitHub Advisory

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.

AnalysisAI

Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious EPUB with path traversal in encryption.xml
Delivery
User opens EPUB in Calibre conversion
Exploit
CipherReference URI resolves to arbitrary file path
Execution
Calibre opens file in read-write mode
Impact
Attacker corrupts arbitrary files
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Calibre versions 9.1.0 and earlier with EPUB conversion feature enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.2 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker could exploit this vulnerability to compromise the affected system.
Remediation A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all systems running Calibre 9.1.0 and earlier; restrict EPUB file processing to trusted sources only and disable automated conversion features if possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-25636 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy