CVE
CVE-2026-25635
calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.6
-
3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
C
H
U
-
Related Resources
No items found.
References
https://0x5t.raptx.org/posts/calibre-chm-rce, https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25635.json, https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9, https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr, https://nvd.nist.gov/vuln/detail/CVE-2026-25635
Basic Information
Ecosystem
