CVE-2026-27810
Received Received - Intake
HTTP Response Header Injection in calibre Content Server

Publication date: 2026-02-27

Last updated on: 2026-03-04

Assigner: GitHub, Inc.

Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-04
Generated
2026-05-07
AI Q&A
2026-02-27
EPSS Evaluated
2026-05-05
NVD
CVE-2026-27810
EUVD
EUVD-2026-9056
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
calibre-ebook calibre to 9.4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-113 The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an HTTP Response Header Injection in the calibre Content Server prior to version 9.4.0. It allows any authenticated user to inject arbitrary HTTP headers into server responses by exploiting an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints.

The vulnerability can also be triggered by tricking an authenticated user into clicking a specially crafted link, making it possible for attackers to manipulate server responses.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing an authenticated user or an attacker who tricks an authenticated user to inject arbitrary HTTP headers into server responses. This can lead to security issues such as information disclosure or manipulation of how the server communicates with clients.

According to the CVSS score of 6.4, the impact includes low confidentiality and integrity impacts but no availability impact.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade the calibre Content Server to version 9.4.0 or later, as this version contains the fix for the HTTP Response Header Injection issue.

Additionally, consider restricting access to the Content Server and ensure that only trusted authenticated users can access it to reduce the risk of exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart