CNNVD-202602-916 Information

CNNVD ID

CNNVD-202602-916

CVE-2026-25636

  • CNNVD Published: 2026-02-06

Description (Chinese)

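Calibre is a free, open-source, all-in-one e-book reading, management and format conversion tool by Kovid Goyal, an individual developer from India. Calibre 9.1.0 and earlier versions contain a code injection vulnerability. It stems from a path traversal in the EPUB conversion process and may allow a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process.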

Description (English)

Calibre is a free, open-source e-book reading, management and format conversion tool developed by Kovid Goyal, an individual developer in India. Calibre 9.1.0 and earlier versions have a code injection vulnerability, which stems from a path traversal in the EPUB conversion process and might allow malicious EPUB files to corrupt any existing files that the Calibre process can write.

Hazard Level

High

Vulnerability Type

Code injection

Affected Vendor

Individual developer

Published

2026-02-06

Last Modified

2026-02-24

References

  • https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726
  • https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
  • https://access.redhat.com/security/cve/cve-2026-25636

Patch

https://github.com/kovidgoyal/calibre/releases
