NIXPKGS-2026-0156
GitHub issue
published on 7 Feb 2026
Permalink
CVE-2026-25635
8.6 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
4 packages
- calibre-web
- pkgsRocm.calibre
- calibre-no-speech
- pkgsRocm.calibre-no-speech
- @LeSuisse accepted
- @LeSuisse published on GitHub
calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
References
- https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr x_refsource_CONFIRM
- https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 x_refsource_MISC
- https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr x_refsource_CONFIRM
- https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 x_refsource_MISC
- https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr x_refsource_CONFIRM
- https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 x_refsource_MISC
- https://0x5t.raptx.org/posts/calibre-chm-rce
Affected products
calibre
- ==< 9.2.0
Package maintainers
-
@pSub Pascal Wittmann <mail@pascal-wittmann.de>