CVE-2026-25636: Calibre Path Traversal Vulnerability

CVE-2026-25636 Overview

CVE-2026-25636 is a path traversal vulnerability in Calibre, a popular open-source e-book management application. The vulnerability exists in versions 9.1.0 and earlier, affecting the EPUB conversion functionality. A malicious EPUB file can exploit this flaw to corrupt arbitrary existing files that are writable by the Calibre process.

During EPUB conversion, Calibre resolves CipherReference URI values from META-INF/encryption.xml to absolute filesystem paths and opens them in read-write mode. The vulnerability occurs because Calibre fails to properly validate that the resolved path remains within the conversion extraction directory, allowing attackers to traverse outside the intended directory structure.

Critical Impact

A malicious EPUB file can corrupt or overwrite arbitrary files accessible to the Calibre process, potentially leading to data loss, system instability, or further exploitation through modified configuration files.

Affected Products

• Calibre e-book manager version 9.1.0 and earlier
• All platforms running vulnerable Calibre versions (Windows, macOS, Linux)
• Systems processing untrusted EPUB files through Calibre conversion

Discovery Timeline

• 2026-02-06 - CVE-2026-25636 published to NVD
• 2026-02-11 - Last updated in NVD database

Technical Details for CVE-2026-25636

Vulnerability Analysis

This path traversal vulnerability (CWE-22) affects the EPUB conversion pipeline in Calibre. The flaw resides in how the application processes encrypted font references within EPUB files. When Calibre encounters a CipherReference element in the META-INF/encryption.xml file, it constructs a filesystem path by joining the encryption file's directory with the URI value.

The vulnerable code fails to properly constrain the resulting path to the container's base directory. Instead, it uses os.getcwd() as the boundary check, which does not align with the actual extraction directory. This mismatch allows a crafted URI containing path traversal sequences (e.g., ../../../) to escape the intended directory and access arbitrary files on the filesystem.

When a malicious EPUB is processed, the application opens the traversed path in read-write mode for font decryption operations. This can result in corruption of critical system or user files that the Calibre process has write access to.

Root Cause

The root cause is improper path validation in the epub_input.py conversion plugin. The code uses os.getcwd() as the boundary for the is_existing_subpath() check instead of using the actual container base directory. This allows CipherReference URI values to resolve to paths outside the EPUB extraction directory.

The fix correctly establishes container_base as the appropriate boundary by deriving it from the encryption file's parent directory, ensuring all resolved paths remain within the legitimate extraction scope.

Attack Vector

The attack requires local interaction where a user must open or convert a malicious EPUB file. An attacker crafts an EPUB with a specially constructed META-INF/encryption.xml file containing CipherReference URIs with directory traversal sequences. When a victim processes this file through Calibre's conversion functionality, the application follows the malicious path and corrupts the targeted file.

Attack scenarios include:

• Distributing malicious EPUB files through file-sharing platforms
• Compromising EPUB download sources
• Social engineering users to convert attacker-provided files

# Security patch in src/calibre/ebooks/conversion/plugins/epub_input.py
# Source: https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726
 
         try:
             root = etree.parse(encfile)
+            base = os.path.dirname(encfile)
+            container_base = os.path.dirname(base)
             for em in root.xpath('descendant::*[contains(name(), \"EncryptionMethod\")]'):
                 algorithm = em.get('Algorithm', '')
                 if algorithm not in {ADOBE_OBFUSCATION, IDPF_OBFUSCATION}:
                     return False
                 cr = em.getparent().xpath('descendant::*[contains(name(), \"CipherReference\")]')[0]
                 uri = cr.get('URI')
-                path = os.path.abspath(os.path.join(os.path.dirname(encfile), '..', *uri.split('/')))
+                path = os.path.abspath(os.path.join(base, '..', *uri.split('/')))
                 tkey = (key if algorithm == ADOBE_OBFUSCATION else idpf_key)
-                if (tkey and is_existing_subpath(path, os.getcwd())):
+                if (tkey and is_existing_subpath(path, container_base)):
                     self._encrypted_font_uris.append(uri)
                     decrypt_font(tkey, path, algorithm)
             return True

Detection Methods for CVE-2026-25636

Indicators of Compromise

• Unexpected file modifications or corruption following EPUB file processing
• EPUB files containing suspicious META-INF/encryption.xml with path traversal patterns like ../ sequences
• File access logs showing Calibre accessing paths outside its normal working directories
• Modified system configuration files or user data coinciding with EPUB conversion activities

Detection Strategies

• Monitor file system activity during EPUB conversion for writes outside expected directories
• Implement YARA rules to detect EPUB files with malicious CipherReference URIs containing traversal sequences
• Audit Calibre process file access patterns for anomalous path references
• Scan incoming EPUB files for encryption.xml entries containing ../ patterns

Monitoring Recommendations

• Enable file integrity monitoring on critical system and configuration files
• Log all file write operations performed by the Calibre process
• Implement endpoint detection rules for path traversal patterns in document processing
• Configure SentinelOne to monitor for suspicious file modifications during e-book processing operations

How to Mitigate CVE-2026-25636

Immediate Actions Required

• Upgrade Calibre to version 9.2.0 or later immediately
• Avoid processing EPUB files from untrusted sources until the patch is applied
• Review recently converted EPUB files for potential malicious content
• Run file integrity checks on systems where Calibre has been used with untrusted files

Patch Information

The vulnerability is fixed in Calibre version 9.2.0. The patch modifies the path resolution logic in src/calibre/ebooks/conversion/plugins/epub_input.py to properly constrain file access to the container base directory. The fix is available in commit 9484ea82c6ab226c18e6ca5aa000fa16de598726.

For additional technical details, see the GitHub Security Advisory and the detailed analysis by 0x5t.

Workarounds

• Run Calibre with minimal file system permissions to limit potential damage
• Process EPUB files in a sandboxed environment or container with restricted file access
• Implement file system access controls to prevent Calibre from writing to sensitive directories
• Pre-scan EPUB files for suspicious encryption.xml content before processing

# Configuration example
# Run Calibre conversion in a restricted sandbox (Linux)
firejail --noprofile --whitelist=/path/to/ebooks calibre

# Create dedicated user with limited permissions for EPUB processing
sudo useradd -r -s /bin/false calibre-sandbox
sudo -u calibre-sandbox calibre --convert input.epub output.mobi