Calibre e-book manager: Authentication Bypass via Malicious Links
CVE-2026-27810
Summary
A security flaw in calibre's Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses (HTTP response header injection), and a crafted link is enough to trigger it against a logged-in victim, potentially allowing an attacker to steal user data or take control of the server. This affects all users who run the Content Server with authentication enabled. Update to version 9.4.0 to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| calibre-ebook | calibre | <= 9.4.0 | – |
Original title
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content S...
Original description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.
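As an added illustration, not calibre's own code and not the project's actual fix, the hypothetical handler below shows the CWE-113 pattern described above beside a hardened version: the `content_disposition` query value is reduced to an allow-list of disposition types, the filename is stripped of control characters, and every header value is checked for CR/LF before it is emitted. The function and header names are assumptions for this example.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import quote

# Only these disposition types make sense for a file download.
ALLOWED_DISPOSITIONS = {"attachment", "inline"}
# HTTP header values must not contain CR, LF or other control bytes.
_CTL = re.compile(r"[\x00-\x1f\x7f]")


def vulnerable_disposition(param: str, filename: str) -> str:
    # CWE-113 pattern: the query value is echoed unmodified into the header,
    # so a value containing "\r\n" splits the response into extra headers.
    return f'{param}; filename="{filename}"'


def safe_disposition(param: Optional[str], filename: str) -> str:
    """Build a Content-Disposition value that cannot carry injected headers."""
    disposition = (param or "attachment").strip().lower()
    if disposition not in ALLOWED_DISPOSITIONS:
        raise ValueError("invalid content_disposition parameter")
    # Strip control characters, quotes and backslashes from the filename and
    # also emit an RFC 5987 filename* form so non-ASCII names survive intact.
    clean = _CTL.sub("", filename).replace('"', "").replace("\\", "")
    ascii_name = clean.encode("ascii", "replace").decode()
    utf8_name = quote(clean, safe="")
    return f"{disposition}; filename=\"{ascii_name}\"; filename*=UTF-8''{utf8_name}"


def respond_get(query: Dict[str, str], filename: str) -> Tuple[int, List[Tuple[str, str]]]:
    """Status and headers for a hypothetical /get/ style download response."""
    try:
        value = safe_disposition(query.get("content_disposition"), filename)
    except ValueError:
        return 400, [("Content-Type", "text/plain")]
    headers = [("Content-Type", "application/octet-stream"),
               ("Content-Disposition", value)]
    # Defence in depth: never emit a header value containing control bytes,
    # whatever upstream code produced it.
    for name, val in headers:
        if _CTL.search(val):
            raise ValueError(f"control characters in header {name}")
    return 200, headers
```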
NVD CVSS 3.1 score: 6.4
Vulnerability type
CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers, "HTTP Response Splitting")
- https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw (Exploit, Mitigation, Vendor Advisory)
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026