CVE-2026-33205
MEDIUM 5.5
Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out of the ebook sandbox. Version 9.6.0 patches the issue.
CVE Details
CVSS v3.1 Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 3/27/2026
Last modified: 3/30/2026
Source: nvd
Honeypot observations: 0
Affected products
calibre-ebook:calibre
Weaknesses (CWE)
CWE-918
References
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.