CNNVD-202602-924 Information

CNNVD ID

CNNVD-202602-924

Related CVE

CVE-2026-25731

• CNNVD Published: 2026-02-06

Description (Chinese)

Calibre是印度Kovid Goyal个人开发者的一个开源免费的全能电子书阅读管理与格式转换工具。 calibre 9.2.0之前版本存在安全漏洞，该漏洞源于服务器端模板注入，可能导致执行任意代码。

Description (English)

Calibre is an open-source, free-of-charge, electronic book reading management and format conversion tool for individual developers in Kovid Goyal, India. There was a security gap in the pre-Calibre 9.2.0 version, which originated from the injection of server-end templates, which could lead to the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc https://access.redhat.com/security/cve/cve-2026-25731

Patch

https://github.com/kovidgoyal/calibre/releases