CVE-2026-26065
Path Traversal in calibre PDB Readers Allows Arbitrary File Write
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| calibre-ebook | calibre | < 9.3.0 (9.3.0 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability lets an attacker who can get you to open a crafted PDB eBook write files anywhere the calibre process has write permission, with attacker-chosen name, extension and content. Because the extracted images are opened in 'wb' mode, any existing file at the target path is silently overwritten. This can lead to:
- Execution of malicious code if an executable, script, or configuration file that is later run or loaded is created or overwritten (for example, a shell profile or autostart entry in the user's home directory).
- Denial of service through corruption of important files.
- Loss of system integrity due to unauthorized file modifications that leave no visible error in calibre.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2026-26065 is a vulnerability in the Calibre eBook management software (version 9.2.1 and below) related to how it handles images extracted from PDB (Palm Database) eBook files. The issue is a path traversal flaw in the PDB readers that allows an attacker to write arbitrary files with any extension and content to any location where the user has write permissions.

This happens because the software does not properly validate file paths when extracting images, allowing files to be written outside the intended extraction directory. Files are written in 'wb' mode, which can silently overwrite existing files.

The vulnerability can lead to arbitrary file writes, which may result in code execution or denial of service through file corruption. The issue was fixed in version 9.3.0 by adding path validation to ensure extracted files remain within the designated directory. [1]
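The following is an added example, not calibre's own code, showing the CWE-22 pattern described above beside a containment check of the kind the 9.3.0 fix is described as adding. The image record names are constructed to stand in for names read from a PDB file, and all function names are this example's own. The unchecked variant is run only inside a throw-away sandbox directory so the demonstration never writes outside it.

```python
"""Added example for CVE-2026-26065: path traversal on extracted image names.

Not calibre's code. RECORDS is constructed in-line to stand in for image
names read from a PDB file; all function names are this example's own.
"""
import os
import tempfile


def within_base(extract_dir, image_name):
    """Return the resolved output path if it stays under extract_dir, else None.

    realpath() resolves '..', repeated separators and symlinks, so a record
    named '../../x', an absolute path, or a symlinked sub-directory cannot
    escape the extraction directory.
    """
    base = os.path.realpath(extract_dir)
    candidate = os.path.realpath(os.path.join(base, image_name))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def unsafe_output_path(extract_dir, image_name):
    """The vulnerable pattern: attacker-controlled name joined with no check.

    os.path.join() also discards extract_dir entirely when image_name is
    absolute, so '/etc/x' resolves to exactly '/etc/x'.
    """
    return os.path.join(extract_dir, image_name)


def extract_images(extract_dir, records, check=True):
    """Write (name, bytes) records; return (written_paths, rejected_names).

    As in the affected readers, files are opened 'wb', which silently
    overwrites whatever already exists at the target path.
    """
    written, rejected = [], []
    for name, data in records:
        path = within_base(extract_dir, name) if check else unsafe_output_path(extract_dir, name)
        if path is None:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        written.append(os.path.realpath(path))
    return written, rejected


# Constructed records standing in for image names read from a PDB file.
RECORDS = [
    ("images/cover.png", b"\x89PNG\r\n\x1a\n"),
    ("../escaped.sh", b"#!/bin/sh\necho pwned\n"),  # relative traversal
    ("/absolute/path.txt", b"x"),                   # absolute path, base dropped by join()
]


def demo():
    """Run the unchecked and checked variants inside a sandbox directory.

    The extraction directory is a child of the sandbox, so '../escaped.sh'
    lands in the sandbox root rather than anywhere on the real filesystem.
    The absolute record is deliberately kept out of the unchecked run.
    """
    with tempfile.TemporaryDirectory() as sandbox:
        extract_dir = os.path.join(sandbox, "extract")
        os.makedirs(extract_dir)
        base = os.path.realpath(extract_dir)

        unsafe_written, _ = extract_images(extract_dir, RECORDS[:2], check=False)
        escaped = any(os.path.commonpath([base, p]) != base for p in unsafe_written)

        safe_written, rejected = extract_images(extract_dir, RECORDS, check=True)
        return {
            "unchecked_escaped": escaped,          # True: a file left the extraction dir
            "checked_written": len(safe_written),  # only images/cover.png
            "checked_rejected": rejected,          # both traversal records refused
        }


if __name__ == "__main__":
    print(demo())
```

The check compares resolved paths rather than looking for a literal `..` substring, so it also catches absolute names, `sub/../../x` forms, and symlinks planted inside the extraction directory; rejecting the record outright, rather than sanitising the name, avoids a second class of bugs where a "cleaned" name still collides with an existing file.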
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves path traversal in the Calibre eBook manager when processing PDB files, allowing arbitrary file writes. Detection would involve monitoring for unexpected file writes outside the intended extraction directories, especially during PDB eBook processing. Note that a successful traversal lands outside calibre's own directories by definition, so watching only the library or temporary extraction folder will miss the write itself; watch the locations an attacker would aim for as well (the user's home directory, shell profiles, autostart and configuration directories).

Since the vulnerability allows arbitrary file writes in 'wb' mode, look for file creation or modification events attributable to the calibre process at paths it would not normally touch.

Suggested approaches to detect potential exploitation attempts include:
- On Linux, use auditd or inotifywait to monitor file writes in calibre's working directories and in the user's home directory, for example: inotifywait -m -r -e create,modify /path/to/calibre/library
- Use file integrity monitoring tools like tripwire or AIDE to detect unexpected changes in files within and around calibre directories.
- Check calibre logs (if enabled) for any unusual extraction or image writing operations.

There are no specific commands provided in the resources, so these general monitoring approaches are recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Calibre to version 9.3.0 or later, where this vulnerability has been fixed.
The fix involves validating and restricting extracted image file paths to remain within the intended extraction directory, preventing path traversal and arbitrary file writes.
Until the upgrade can be applied, avoid opening or processing untrusted PDB eBook files with vulnerable versions of Calibre (9.2.1 and below).
Additionally, ensure that the user or service account running calibre has write permission only to the directories it needs, so that any file write reached through traversal cannot touch executable, startup, or configuration locations; running calibre in a sandbox (for example, a Flatpak or container with a restricted filesystem view) further limits the reachable paths.