CVE-2026-33205
calibre has Server-Side Request Forgery in ebook viewer backend
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of the calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information from the e-book sandbox. Version 9.6.0 patches the issue.
| CWE | CWE-918 |
| Vendor | kovidgoyal |
| Product | calibre |
| Published | Mar 27, 2026 |
| Last Updated | Mar 27, 2026 |
Affected Versions
kovidgoyal / calibre
< 9.6.0