Skip to main content

Calibre CVE-2026-27810

MEDIUM
HTTP Response Splitting (CWE-113)
2026-02-27 security-advisories@github.com
6.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 04, 2026 - 16:40 vuln.today
Public exploit code
CVE Published
Feb 27, 2026 - 20:21 nvd
MEDIUM 6.4

DescriptionGitHub Advisory

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized content_disposition query parameter in the /get/ and /data-files/get/ endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.

AnalysisAI

HTTP response header injection in Calibre Content Server prior to version 9.4.0 permits authenticated users to inject arbitrary headers through an unsanitized query parameter, potentially enabling cache poisoning, session fixation, or credential theft attacks. Any authenticated user can exploit this vulnerability directly or via social engineering, affecting all instances with authentication enabled. Public exploit code exists and no patch is currently available.

Technical ContextAI

Classified as CWE-113 (HTTP Response Splitting). Affects Calibre. calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized content_disposition query parameter in the /get/ and /data-files/get/ endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability i

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2026-26064 HIGH POC
8.8 Feb 20

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traver

CVE-2026-26065 HIGH POC
8.8 Feb 20

Calibre versions 9.2.1 and below allow authenticated users to write arbitrary files with any extension to any writable l

CVE-2026-25635 HIGH POC
8.6 Feb 06

Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local att

CVE-2026-25636 HIGH POC
8.2 Feb 06

Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to

CVE-2026-25731 HIGH POC
7.8 Feb 06

calibre is an e-book manager. [CVSS 7.8 HIGH]

CVE-2018-7889 HIGH POC
7.8 Mar 08

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attacke

CVE-2024-6781 HIGH POC
7.5 Aug 06

Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. Rated high severity

CVE-2023-46303 HIGH POC
7.5 Oct 22

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources ou

CVE-2021-44686 HIGH POC
7.5 Dec 07

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) i

CVE-2024-7009 HIGH POC
7.1 Aug 06

Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL in

CVE-2024-7008 MEDIUM POC
6.1 Aug 06

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. Rated medium seve

CVE-2016-10187 MEDIUM POC
5.5 Mar 16

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with Ja

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-27810 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy