What is the CVSS score of CVE-2026-27810?

CVE-2026-27810 has a CVSS 3.1 base score of 6.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Calibre are affected by CVE-2026-27810?

Organizations using calibre should be aware of moderate risk from CVE-2026-27810 rated CVSS 6.4. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2026-27810?

Yes, a public proof-of-concept exploit is available for CVE-2026-27810. Prioritise patching immediately. EPSS: 0.0%.

Calibre CVE-2026-27810

MEDIUM

HTTP Response Splitting (CWE-113)

2026-02-27 security-advisories@github.com

Code Injection Calibre Suse

6.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 04, 2026 - 16:40 vuln.today

Public exploit code

CVE Published

Feb 27, 2026 - 20:21 nvd

MEDIUM 6.4

DescriptionNVD

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized content_disposition query parameter in the /get/ and /data-files/get/ endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.

AnalysisAI

HTTP response header injection in Calibre Content Server prior to version 9.4.0 permits authenticated users to inject arbitrary headers through an unsanitized query parameter, potentially enabling cache poisoning, session fixation, or credential theft attacks. Any authenticated user can exploit this vulnerability directly or via social engineering, affecting all instances with authentication enabled. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-27810 vulnerability details – vuln.today

Back