CVE-2026-27810 in calibre
Summary
by MITRE • 02/27/2026
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/05/2026
The CVE-2026-27810 vulnerability represents a critical HTTP Response Header Injection flaw within the calibre Content Server component that affects users running versions prior to 9.4.0. This vulnerability specifically targets the content server's handling of HTTP responses when processing requests through the `/get/` and `/data-files/get/` endpoints. The flaw stems from inadequate input sanitization of the `content_disposition` query parameter, which allows authenticated users to inject malicious HTTP headers into server responses. The vulnerability is classified under CWE-113 as "Improper Neutralization of CRLF Characters in HTTP Headers" and aligns with ATT&CK technique T1190 "Exploit Public-Facing Application" as it enables attackers to manipulate HTTP responses through authenticated access points.
The technical implementation of this vulnerability exploits the fact that the calibre Content Server fails to properly sanitize user-supplied input before incorporating it into HTTP response headers. When an authenticated user submits a request containing a maliciously crafted `content_disposition` parameter, the server processes this input without adequate validation or sanitization, allowing arbitrary header injection. This creates a pathway for attackers to manipulate the HTTP response structure, potentially enabling various malicious activities including cache poisoning, cross-site scripting attacks, or session manipulation. The vulnerability's exploitation requires only authentication credentials, making it particularly dangerous as it can be leveraged by legitimate users with access privileges.
The operational impact of this vulnerability extends beyond simple header injection, as it can be weaponized to conduct more sophisticated attacks within the network environment. An authenticated attacker could potentially inject headers that modify cache behavior, manipulate browser security policies, or redirect users to malicious sites. The vulnerability is particularly concerning in environments where calibre Content Server serves as a gateway for accessing sensitive e-book collections, as it could enable unauthorized data exfiltration or manipulation of content delivery. Additionally, the vulnerability can be triggered through social engineering attacks where victims are tricked into clicking malicious links, expanding the attack surface beyond direct authentication.
Organizations utilizing calibre Content Server should immediately implement the remediation provided in version 9.4.0 which addresses the input sanitization issue through proper validation of the `content_disposition` parameter. Security teams should conduct comprehensive assessments of their calibre installations to ensure all systems have been updated to version 9.4.0 or later. Additional mitigations include implementing network-level monitoring to detect anomalous header injection patterns and establishing strict access controls for Content Server endpoints. The vulnerability demonstrates the importance of proper input validation in web applications and aligns with security best practices outlined in OWASP Top Ten, specifically addressing the risk of insufficient input validation and improper error handling in web applications. Organizations should also consider implementing automated patch management systems to ensure timely deployment of security updates across all calibre installations.