{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:24:51.904","vulnerabilities":[{"cve":{"id":"CVE-2026-27810","sourceIdentifier":"security-advisories@github.com","published":"2026-02-27T20:21:39.780","lastModified":"2026-03-04T16:40:42.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue."},{"lang":"es","value":"calibre es un gestor de libros electrónicos multiplataforma para ver, convertir, editar y catalogar libros electrónicos. Antes de la versión 9.4.0, una vulnerabilidad de inyección de encabezado de respuesta HTTP en el servidor de contenido de calibre permite a cualquier usuario autenticado inyectar encabezados HTTP arbitrarios en las respuestas del servidor a través de un parámetro de consulta 'content_disposition' no saneado en los puntos finales '/get/' y '/data-files/get/'. Todos los usuarios que ejecutan el servidor de contenido de calibre con la autenticación habilitada se ven afectados. La vulnerabilidad es explotable por cualquier usuario autenticado y también puede ser activada engañando a una víctima autenticada para que haga clic en un enlace manipulado. La versión 9.4.0 contiene una solución para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-113"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*","versionEndExcluding":"9.4.0","matchCriteriaId":"3665E54E-5F8D-405A-BA97-8DD783962094"}]}]}],"references":[{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}