CVE-2026-33205

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Mar 27, 2026

Vendor unknown

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.

References

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v