CVE-2026-27810
Received Received - Intake
HTTP Response Header Injection in calibre Content Server

Publication date: 2026-02-27

Last updated on: 2026-03-04

Assigner: GitHub, Inc.

Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-04
Generated
2026-06-16
AI Q&A
2026-02-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27810
EUVD
EUVD-2026-9056
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
calibre-ebook calibre to 9.4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-113 The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an HTTP Response Header Injection in the calibre Content Server prior to version 9.4.0. It allows any authenticated user to inject arbitrary HTTP headers into server responses by exploiting an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints.

The vulnerability can also be triggered by tricking an authenticated user into clicking a specially crafted link, making it possible for attackers to manipulate server responses.

Impact Analysis

The vulnerability can impact you by allowing an authenticated user or an attacker who tricks an authenticated user to inject arbitrary HTTP headers into server responses. This can lead to security issues such as information disclosure or manipulation of how the server communicates with clients.

According to the CVSS score of 6.4, the impact includes low confidentiality and integrity impacts but no availability impact.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the calibre Content Server to version 9.4.0 or later, as this version contains the fix for the HTTP Response Header Injection issue.

Additionally, consider restricting access to the Content Server and ensure that only trusted authenticated users can access it to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27810. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart