NIXPKGS-2026-0160
GitHub issue
published on 7 Feb 2026
CVE-2026-25636
8.2 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 4 packages:
  - calibre-web
  - pkgsRocm.calibre
  - calibre-no-speech
  - pkgsRocm.calibre-no-speech
- @LeSuisse accepted
- @LeSuisse published on GitHub
calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution
calibre is an e-book manager. In versions 9.1.0 and earlier, a path traversal vulnerability in calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the calibre process. During conversion, calibre resolves each CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when the resolved path points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
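As an added illustration of the containment check the advisory implies (example code, not calibre's own fix; the sample encryption.xml and the extraction directory path are constructed), a resolver that refuses any CipherReference URI whose resolved path leaves the extraction directory:

```python
import posixpath
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import unquote, urlparse

# CipherReference lives in the XML Encryption namespace inside EPUB encryption.xml
XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample: one legitimate in-container reference, one that escapes
SAMPLE_ENCRYPTION_XML = """<?xml version="1.0"?>
<encryption xmlns="urn:oasis:names:tc:opendocument:xmlns:container"
            xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
  <enc:EncryptedData>
    <enc:CipherData><enc:CipherReference URI="OEBPS/fonts/body.otf"/></enc:CipherData>
  </enc:EncryptedData>
  <enc:EncryptedData>
    <enc:CipherData><enc:CipherReference URI="../outside.txt"/></enc:CipherData>
  </enc:EncryptedData>
</encryption>"""

# Constructed extraction directory; it does not need to exist for the check
SAMPLE_EXTRACT_DIR = "/tmp/epub-extract-example"


def resolve_cipher_references(encryption_xml: str, extract_dir: str) -> dict:
    """Map each CipherReference URI to ('inside', absolute path) when the
    resolved path stays under extract_dir, or ('escapes', None) otherwise.
    Only 'inside' entries are safe to open for writing during conversion."""
    root = Path(extract_dir).resolve()
    results = {}
    for ref in ET.fromstring(encryption_xml).iter(f"{{{XMLENC_NS}}}CipherReference"):
        uri = ref.get("URI", "")
        parsed = urlparse(uri)
        # A container path is a plain relative reference: no scheme, host, or leading /
        rel = unquote(parsed.path)
        if parsed.scheme or parsed.netloc or posixpath.isabs(rel):
            results[uri] = ("escapes", None)
            continue
        candidate = (root / rel).resolve()  # collapses '..' and follows symlinks
        try:
            candidate.relative_to(root)  # raises ValueError if outside root
        except ValueError:
            results[uri] = ("escapes", None)
            continue
        results[uri] = ("inside", str(candidate))
    return results


def check_sample() -> dict:
    return resolve_cipher_references(SAMPLE_ENCRYPTION_XML, SAMPLE_EXTRACT_DIR)
```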
References
- https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29 x_refsource_CONFIRM
- https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 x_refsource_MISC
- https://0x5t.raptx.org/posts/calibre-epub-rce
Affected products
calibre
- < 9.2.0
Package maintainers
- @pSub Pascal Wittmann <mail@pascal-wittmann.de>