Unrated severityNVD Advisory· Published Mar 27, 2026· Updated Mar 27, 2026
calibre has a path traversal vulnerability
CVE-2026-33206
Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<9.6.0+ 1 more
- (no CPE)range: <9.6.0
- (no CPE)range: < 9.6.0
Patches
Vulnerability mechanics
References
1- github.com/kovidgoyal/calibre/security/advisories/GHSA-h3p4-m74f-43g6mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.