CVE-2026-25635

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-25635

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

c

alibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

References
Link Resource
https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 Patch
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr Exploit Third Party Advisory
https://0x5t.raptx.org/posts/calibre-chm-rce Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
History

17 Feb 2026, 21:27

Type Values Removed Values Added
Summary
  • (es) calibre es un gestor de libros electrónicos. Antes de la 9.2.0, el lector CHM de Calibre contiene una vulnerabilidad de salto de ruta que permite la escritura arbitraria de archivos en cualquier lugar donde el usuario tenga permisos de escritura. En Windows (no se ha probado en otros sistemas operativos), esto puede llevar a la ejecución remota de código escribiendo una carga útil en la carpeta de Inicio, que se ejecuta en el siguiente inicio de sesión. Esta vulnerabilidad se corrigió en la 9.2.0.
References () https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 - () https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 - Patch
References () https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr - () https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr - Exploit, Third Party Advisory
References () https://0x5t.raptx.org/posts/calibre-chm-rce - () https://0x5t.raptx.org/posts/calibre-chm-rce - Exploit, Third Party Advisory
CPE cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
First Time Calibre-ebook
Calibre-ebook calibre

11 Feb 2026, 15:16

Type Values Removed Values Added
References
  • () https://0x5t.raptx.org/posts/calibre-chm-rce -

06 Feb 2026, 21:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-06 21:16

Updated : 2026-02-17 21:27

NVD link : CVE-2026-25635

Mitre link : CVE-2026-25635

CVE.ORG link : CVE-2026-25635

JSON object : View

Products Affected

calibre-ebook

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')