{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T13:34:58.785","vulnerabilities":[{"cve":{"id":"CVE-2026-25636","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T21:16:18.833","lastModified":"2026-06-17T10:24:59.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0."},{"lang":"es","value":"calibre es un gestor de libros electrónicos. En 9.1.0 y versiones anteriores, una vulnerabilidad de salto de ruta en la conversión de EPUB de Calibre permite que un archivo EPUB malicioso corrompa archivos existentes arbitrarios escribibles por el proceso de Calibre. Durante la conversión, Calibre resuelve la URI de CipherReference de META-INF/encryption.xml a una ruta de sistema de archivos absoluta y lo abre en modo de lectura-escritura, incluso cuando apunta fuera del directorio de extracción de la conversión. Esta vulnerabilidad está corregida en 9.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"kovidgoyal","product":"calibre","versions":[{"version":"< 9.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-09T15:19:25.611213Z","id":"CVE-2026-25636","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0","matchCriteriaId":"264BDA56-70BE-4FCE-96AD-7F9D1BA0FB54"}]}]}],"references":[{"url":"https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://0x5t.raptx.org/posts/calibre-epub-rce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}