Unrated severity · NVD Advisory · Published Mar 27, 2026 · Updated Mar 27, 2026
calibre has Server-Side Request Forgery in ebook viewer backend
CVE-2026-33205
Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of the calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information from the ebook sandbox. Version 9.6.0 patches the issue.
Affected products
- (no CPE) range: < 9.6.0
References
- github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v (mitre, x_refsource_CONFIRM)