Description

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.

INFO

Published Date :

2026-02-06T20:07:40.529Z

Last Modified :

2026-02-11T14:51:19.827Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25636 vulnerability.

Vendors Products
Calibre-ebook
  • Calibre
Kovidgoyal
  • Calibre
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25636.

URL Resource
https://0x5t.raptx.org/posts/calibre-epub-rce cve-icon
https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 cve-icon cve-icon cve-icon
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-25636 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-25636 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact