{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T22:46:20.677","vulnerabilities":[{"cve":{"id":"CVE-2026-25731","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T21:16:19.457","lastModified":"2026-02-17T21:18:56.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."},{"lang":"es","value":"calibre es un gestor de libros electrónicos. Antes de la versión 9.2.0, una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) en el motor de plantillas Templite de Calibre permite la ejecución de código arbitrario cuando un usuario convierte un libro electrónico utilizando un archivo de plantilla personalizado malicioso a través de las opciones de línea de comandos --template-html o --template-html-index. Esta vulnerabilidad está corregida en la versión 9.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0","matchCriteriaId":"264BDA56-70BE-4FCE-96AD-7F9D1BA0FB54"}]}]}],"references":[{"url":"https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]}