CVE-2026-26064 Overview
CVE-2026-26064 is a critical Path Traversal vulnerability affecting Calibre, a popular cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. The vulnerability exists in versions 9.2.1 and below, where the extract_pictures function fails to properly sanitize path sequences, allowing attackers to write arbitrary files anywhere the user has write permissions. On Windows systems, this vulnerability escalates to Remote Code Execution by enabling attackers to write malicious payloads to the Windows Startup folder, which automatically executes upon user login.
Critical Impact
Arbitrary file write vulnerability that leads to Remote Code Execution on Windows systems through Startup folder payload injection. Attackers can craft malicious e-book files to achieve persistent code execution.
Affected Products
- calibre-ebook calibre versions 9.2.1 and below
- All platforms supported by Calibre (Windows, macOS, Linux)
- Windows installations are particularly vulnerable to RCE via Startup folder exploitation
Discovery Timeline
- 2026-02-20 - CVE-2026-26064 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2026-26064
Vulnerability Analysis
This Path Traversal vulnerability originates from insufficient input validation in the extract_pictures function within Calibre's ODT (OpenDocument Text) input handler. The function is responsible for extracting embedded images from ODT files during e-book conversion or import operations.
The core issue lies in the function's path validation logic, which only verifies that file paths begin with 'Pictures' using a simple startswith() check. This validation is trivially bypassed by including path traversal sequences (..) after the Pictures prefix, allowing attackers to escape the intended extraction directory and write files to arbitrary locations on the filesystem.
Notably, Calibre's own ZipFile.extractall() implementation in utils/zipfile.py includes proper path sanitization through the _get_targetpath() function. However, the vulnerable extract_pictures() function bypasses this safe extraction method by manually reading zip contents with zf.read() and writing directly to disk using open(), completely circumventing the existing security controls.
Root Cause
The root cause is improper input validation (CWE-22) in the extract_pictures function located in src/calibre/ebooks/odt/input.py. The function fails to sanitize directory traversal sequences (..) from file paths extracted from ODT archives. While the code checks if filenames start with 'Pictures', it does not validate that the resolved path remains within the intended extraction directory, creating a classic path traversal vulnerability.
Attack Vector
An attacker exploits this vulnerability by crafting a malicious ODT file containing specially constructed archive entries. The attack requires local access to the system where Calibre is installed and user interaction to open or import the malicious file. On Windows systems, attackers can achieve persistent Remote Code Execution by targeting the Windows Startup folder (C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup), ensuring malicious payloads execute automatically on every user login.
The following patch demonstrates the security fix implemented in version 9.3.0:
def extract_pictures(self, zf):
if not os.path.exists('Pictures'):
os.makedirs('Pictures')
+ base = os.path.abspath(os.getcwd())
+ if not base.endswith(os.sep):
+ base += os.sep
for name in zf.namelist():
if name.startswith('Pictures') and name not in {'Pictures', 'Pictures/'}:
+ dest = os.path.abspath(os.path.join(base, name))
+ if os.path.commonprefix([base, dest]) != dest:
+ continue
data = zf.read(name)
- with open(name, 'wb') as f:
+ with open(dest, 'wb') as f:
f.write(data)
def apply_list_starts(self, root, log):
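Review bot: the containment test `if os.path.commonprefix([base, dest]) != dest:` compares the common prefix against `dest` rather than `base`; for a legitimate entry such as `Pictures/cover.png` the common prefix of `base` and `dest` is `base`, so the condition is true and the entry is skipped, and the same holds for a traversing `dest`, which means the loop skips every entry instead of only the escapes. The intended comparison is `!= base`, and the trailing `os.sep` appended to `base` just above is what makes that prefix test safe against a sibling directory whose name merely starts with the base path. Since `os.path.commonprefix` is a character-wise string operation, `os.path.commonpath([base, dest]) == base` or `dest.startswith(base)` would state the intent more directly and is easier to review.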
Source: GitHub Commit Update
The fix establishes a secure base directory and validates that all extracted file destinations resolve to paths within that base directory using os.path.commonprefix(), effectively preventing directory traversal attacks.
Detection Methods for CVE-2026-26064
Indicators of Compromise
- Unexpected files appearing in Windows Startup folders or other privileged system locations
- ODT or e-book files containing archive entries with path traversal sequences (../ or ..\)
- File system write operations from Calibre processes to locations outside expected library directories
- Suspicious executable files or scripts created during e-book import or conversion operations
Detection Strategies
- Monitor file system activity from Calibre processes for writes to sensitive directories such as Windows Startup folders
- Implement file integrity monitoring on critical system directories to detect unauthorized file creation
- Scan incoming e-book files for archive entries containing path traversal patterns before processing
- Deploy endpoint detection rules targeting path traversal patterns in archive extraction operations
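As an added example (not code from this page or from the Calibre project), the prefix-only filter described under Vulnerability Analysis is shown beside a containment check, together with the archive-level scan that the detection strategies above recommend for screening e-book files before import; the base directory and the sample ODT contents are constructed here for illustration.

```python
import io
import os
import zipfile

def build_sample_odt() -> bytes:
    # Constructed sample: a minimal ODT-style zip with one benign picture entry
    # and one whose name carries a traversal sequence after the 'Pictures' prefix.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<office:document-content/>")
        zf.writestr("Pictures/cover.png", b"\x89PNG not a real image")
        zf.writestr("Pictures/../../outside.txt", b"escaped")
    return buf.getvalue()

def vulnerable_accepts(name: str) -> bool:
    # The pre-9.3.0 filter: a prefix test only, which '..' after 'Pictures' defeats.
    return name.startswith("Pictures") and name not in {"Pictures", "Pictures/"}

def safe_dest(base: str, name: str):
    # Hardened variant (added here, not Calibre's patch): resolve the destination
    # and require it to stay under base; the trailing separator on base stops a
    # sibling directory such as base + "2" from passing. Returns None to reject.
    base = os.path.abspath(base)
    dest = os.path.abspath(os.path.join(base, name))
    return dest if dest.startswith(base + os.sep) else None

def entry_escapes(name: str) -> bool:
    # Archive-level check for scanning files before import: treat '\' as a
    # separator too, reject absolute and drive-letter names, and flag any '..'
    # component that climbs above the archive root.
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True
    depth = 0
    for part in norm.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def scan_odt(data: bytes) -> list:
    # Names of entries that would escape the extraction directory on a naive extract.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if entry_escapes(n)]
```

On the constructed sample, scan_odt() reports only the traversing entry, which vulnerable_accepts() passes and safe_dest() rejects.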
Monitoring Recommendations
- Enable verbose logging for Calibre operations to track file extraction activities
- Configure SentinelOne Singularity to monitor for suspicious file writes by Calibre processes to startup folders or system directories
- Implement network monitoring for potential exfiltration if malicious payloads are deployed
- Audit user-submitted e-book files in shared library environments before importing into Calibre
How to Mitigate CVE-2026-26064
Immediate Actions Required
- Upgrade Calibre to version 9.3.0 or later immediately to address this vulnerability
- Review Windows Startup folders and other sensitive directories for any unauthorized files that may have been planted
- Temporarily disable automatic processing of untrusted ODT or e-book files until patching is complete
- Implement application allowlisting to prevent execution of unauthorized payloads from Startup folders
Patch Information
The vulnerability has been addressed in Calibre version 9.3.0. The patch modifies the extract_pictures function in src/calibre/ebooks/odt/input.py to properly validate that extracted file paths resolve within the intended base directory. The fix uses os.path.abspath() to resolve absolute paths and os.path.commonprefix() to ensure the destination remains within the safe extraction directory. Users should update immediately via the official Calibre website or package managers.
For detailed patch information, see the GitHub Commit Update and the GitHub Security Advisory GHSA-72ch-3hqc-pgmp.
Workarounds
- Avoid opening or importing ODT files from untrusted sources until patched
- Run Calibre with reduced filesystem permissions where possible to limit the impact of arbitrary file writes
- On Windows, configure folder permissions to prevent writes to Startup folders by non-administrator accounts
- Use containerization or sandboxing solutions to isolate Calibre operations from critical system directories
# Configuration example
# On Windows, restrict write access to the Startup folder (requires Administrator privileges).
# Run in elevated PowerShell. $env:APPDATA resolves to the elevated account's profile, so
# substitute the target user's profile path when hardening another account; note that the
# deny entry also blocks that user's own legitimate additions to the Startup folder.
icacls "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" /deny "BUILTIN\Users:(W)"
# Verify Calibre version after upgrade
calibre --version
# Expected output: calibre 9.3.0 or higher
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.