{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25731", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T16:48:00.427Z", "datePublished": "2026-02-06T20:14:35.822Z", "dateUpdated": "2026-02-06T21:02:01.147Z"}, "containers": {"cna": {"title": "Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"}, {"name": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379", "tags": ["x_refsource_MISC"], "url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379"}], "affected": [{"vendor": "kovidgoyal", "product": "calibre", "versions": [{"version": "< 9.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T20:14:35.822Z"}, "descriptions": [{"lang": "en", "value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."}], "source": {"advisory": "GHSA-xrh9-w7qx-3gcc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T21:01:31.473045Z", "id": "CVE-2026-25731", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T21:02:01.147Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25731", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-06T21:01:31.473045Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T21:01:51.273Z"}}], "cna": {"title": "Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export", "source": {"advisory": "GHSA-xrh9-w7qx-3gcc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "kovidgoyal", "product": "calibre", "versions": [{"status": "affected", "version": "< 9.2.0"}]}], "references": [{"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc", "name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379", "name": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T20:14:35.822Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25731", "state": "PUBLISHED", "dateUpdated": "2026-02-06T21:02:01.147Z", "dateReserved": "2026-02-05T16:48:00.427Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T20:14:35.822Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*", "matchCriteriaId": "264BDA56-70BE-4FCE-96AD-7F9D1BA0FB54", "versionEndExcluding": "9.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."}, {"lang": "es", "value": "calibre es un gestor de libros electr\u00f3nicos. Antes de la versi\u00f3n 9.2.0, una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor (SSTI) en el motor de plantillas Templite de Calibre permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando un usuario convierte un libro electr\u00f3nico utilizando un archivo de plantilla personalizado malicioso a trav\u00e9s de las opciones de l\u00ednea de comandos --template-html o --template-html-index. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 9.2.0."}], "id": "CVE-2026-25731", "lastModified": "2026-02-17T21:18:56.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T21:16:19.457", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "calibre: Calibre: Arbitrary Code Execution via malicious custom template file during ebook conversion", "id": "2437917", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437917"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-917", "details": ["calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.", "A flaw was found in Calibre, an e-book manager. This Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows an attacker to achieve arbitrary code execution. This occurs when a user converts an ebook using a specially crafted malicious custom template file, provided via the --template-html or --template-html-index command-line options. This could lead to a complete compromise of the affected system."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, users should avoid converting ebooks using untrusted or malicious custom template files with the `--template-html` or `--template-html-index` command-line options. Only use template files from trusted sources."}, "name": "CVE-2026-25731", "public_date": "2026-02-06T20:14:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25731\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25731\nhttps://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379\nhttps://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"], "statement": "This is an IMPORTANT arbitrary code execution vulnerability in Calibre's HTML export functionality. It occurs when a user processes an ebook with a specially crafted custom template file using the `--template-html` or `--template-html-index` command-line options. This issue affects Calibre versions prior to 9.2.0, as distributed in Fedora 42 and Fedora 43.", "threat_severity": "Important"}

{"created": "2026-02-09T10:49:44.954935+00:00", "updated": "2026-02-09T10:49:44.954968+00:00", "vendors": ["kovidgoyal", "kovidgoyal$PRODUCT$calibre"]}