CVE-2026-33205 in calibre
Resumen (Inglés)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Responsable
GitHub_M
Reservar
2026-03-18
Divulgación
2026-03-27
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 353916 | kovidgoyal calibre background-image escalada de privilegios | 918 | No está definido | Arreglo oficial | CVE-2026-33205 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV