CVE-2026-33205 Overview
CVE-2026-33205 is a Server-Side Request Forgery (SSRF) vulnerability discovered in Calibre, a popular cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. The vulnerability exists in the background-image endpoint of Calibre's web view component, allowing attackers to perform blind GET requests to arbitrary URLs and exfiltrate information from the ebook sandbox.
Critical Impact
Attackers can leverage this SSRF vulnerability to make unauthorized requests from the Calibre application, potentially accessing internal network resources or exfiltrating sensitive data from the ebook sandbox environment.
Affected Products
- Calibre e-book manager versions prior to 9.6.0
- calibre-ebook calibre (all platforms)
- Calibre web view component with background-image endpoint
Discovery Timeline
- 2026-03-27 - CVE-2026-33205 published to NVD
- 2026-03-30 - Last updated in NVD database
Technical Details for CVE-2026-33205
Vulnerability Analysis
This vulnerability is classified under CWE-918 (Server-Side Request Forgery). The flaw resides in the background-image endpoint of Calibre's web view functionality. When processing e-book content, the application fails to properly validate and sanitize URLs specified in background-image CSS properties before making server-side requests.
The local attack vector requires user interaction to open a maliciously crafted e-book file. Once opened, the attacker-controlled content can instruct the Calibre application to make outbound HTTP GET requests to arbitrary destinations. This creates a blind SSRF condition where the attacker cannot directly see the response but can still exfiltrate data through timing attacks or DNS-based exfiltration techniques.
Root Cause
The root cause of this vulnerability is improper input validation in the background-image endpoint handler. The application does not adequately restrict or validate the URLs that can be requested when processing CSS background-image properties within e-book content. This allows an attacker to specify arbitrary URLs, including internal network addresses or external attacker-controlled servers, bypassing the intended sandbox restrictions.
Attack Vector
The attack requires local access and user interaction—specifically, the victim must open a maliciously crafted e-book file. The attack flow involves:
- An attacker crafts a malicious e-book containing CSS with a specially crafted background-image URL pointing to an attacker-controlled server or internal resource
- The victim opens the malicious e-book in Calibre's web view
- Calibre's web view processes the CSS and makes a blind GET request to the specified URL
- The attacker can exfiltrate information through the request itself (e.g., via URL parameters or DNS queries) or probe internal network resources
The vulnerability allows information disclosure from within the ebook sandbox, potentially exposing sensitive data or enabling reconnaissance of internal network infrastructure. For detailed technical information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-33205
Indicators of Compromise
- Unexpected outbound HTTP requests originating from the Calibre application process
- Network connections from Calibre to internal IP ranges or unusual external destinations
- DNS queries for suspicious domains triggered during e-book viewing sessions
- Log entries showing requests to the background-image endpoint with external URLs
Detection Strategies
- Monitor network traffic for outbound connections from the Calibre process to unexpected destinations
- Implement web proxy logging to capture and analyze requests made by the Calibre application
- Deploy endpoint detection rules that alert on Calibre making connections to internal network ranges
- Review e-book files for suspicious CSS properties containing external URL references
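The file-review and proxy-log checks listed above, as an added example that is not part of this advisory or of Calibre's own code: it opens an EPUB (a zip container), pulls every CSS url() target out of stylesheets and XHTML style attributes, and reports those that resolve to an internal address or an external host rather than to a file inside the book; the same classifier is then run over a few proxy log lines. The sample EPUB, the log lines and their format (timestamp, process, method, URL) are constructed here, and every hostname is a placeholder.

```python
"""Scan an EPUB for CSS url() references that leave the book, and apply
the same classification to proxy log lines. Added example for this
advisory; it is not Calibre's own code."""
import html
import io
import ipaddress
import re
import zipfile
from urllib.parse import urlparse

# Matches url(...) in CSS, with or without quotes around the target.
URL_RE = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)", re.IGNORECASE)
SCANNED_SUFFIXES = (".css", ".xhtml", ".html", ".htm", ".xml", ".opf")


def classify_url(ref: str) -> str:
    """Classify a url() target as relative, data, internal-net or external."""
    parsed = urlparse(ref.strip())
    if parsed.scheme == "data":
        return "data"
    if not parsed.scheme and not parsed.netloc:
        return "relative"          # resolved inside the book: expected
    host = parsed.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return "internal-net"  # RFC 1918, loopback, 169.254/16 (cloud metadata)
    except ValueError:
        if host == "localhost" or host.endswith((".local", ".internal")):
            return "internal-net"
    return "external"


def scan_epub(data: bytes) -> list:
    """Return (member, url, classification) for every url() that leaves the book."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(SCANNED_SUFFIXES):
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            if not name.lower().endswith(".css"):
                text = html.unescape(text)  # style="...&quot;..." in XHTML
            for match in URL_RE.finditer(text):
                kind = classify_url(match.group(1))
                if kind in ("external", "internal-net"):
                    findings.append((name, match.group(1), kind))
    return findings


def suspicious_proxy_entries(lines, process="calibre", allowed_hosts=()):
    """Flag proxy log lines (constructed format: ts process method url) where
    the given process reaches an internal address or a host not on the allowlist."""
    flagged = []
    for line in lines:
        ts, proc, _method, url = line.split(maxsplit=3)
        if proc != process:
            continue
        kind = classify_url(url)
        host = urlparse(url).hostname or ""
        if kind == "internal-net" or (kind == "external" and host not in allowed_hosts):
            flagged.append((ts, url, kind))
    return flagged


def build_sample_epub() -> bytes:
    """Constructed sample: one in-book image, one link-local probe, one beacon."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        zf.writestr("OEBPS/styles.css",
                    "body { background-image: url('images/paper.png'); }\n"
                    ".x { background-image: url(http://169.254.169.254/latest/meta-data/); }\n")
        zf.writestr("OEBPS/ch1.xhtml",
                    '<html><body><div style="background-image: '
                    'url(&quot;https://example.invalid/beacon?id=123&quot;)">hi</div></body></html>')
    return buf.getvalue()


# Constructed proxy log lines; the format is an assumption, not a real proxy's.
SAMPLE_PROXY_LOG = [
    "2026-03-28T10:01:02Z calibre GET https://updates.example.invalid/version",
    "2026-03-28T10:01:05Z calibre GET http://10.0.0.5:8080/admin",
    "2026-03-28T10:01:09Z firefox GET http://10.0.0.5:8080/admin",
    "2026-03-28T10:01:11Z calibre GET http://beacon.example.invalid/?d=exfil",
]

if __name__ == "__main__":
    for finding in scan_epub(build_sample_epub()):
        print("epub:", *finding)
    for entry in suspicious_proxy_entries(SAMPLE_PROXY_LOG,
                                          allowed_hosts={"updates.example.invalid"}):
        print("proxy:", *entry)
```

A relative reference is the normal case for a packaged book, so only absolute targets are reported; a data: URL is kept out of the report because it never causes a request. On the log side, an allowlist of the few hosts Calibre legitimately contacts keeps the rule quiet, while any RFC 1918, loopback or link-local destination is always flagged regardless of the allowlist.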
Monitoring Recommendations
- Enable verbose logging for Calibre application network activity
- Configure network security tools to flag SSRF-like patterns from desktop applications
- Implement DNS monitoring to detect data exfiltration attempts through DNS queries
- Use SentinelOne's behavioral AI to detect anomalous network connection patterns from e-book reader applications
How to Mitigate CVE-2026-33205
Immediate Actions Required
- Upgrade Calibre to version 9.6.0 or later immediately
- Avoid opening e-books from untrusted sources until the patch is applied
- Review and restrict network access for the Calibre application using firewall rules
- Consider disabling the web view feature if not required for your workflow
Patch Information
The vulnerability has been addressed in Calibre version 9.6.0. Users should update to this version or later to remediate the SSRF vulnerability. The patch implements proper URL validation and restrictions on the background-image endpoint to prevent unauthorized server-side requests.
For official patch details and security guidance, refer to the GitHub Security Advisory GHSA-4926-v9px-wv7v.
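The advisory describes the fix only as URL validation and restrictions on the background-image endpoint. The following is an added illustration of the hardening pattern for this class of bug (CWE-918 in a sandboxed viewer), not Calibre's patch: the endpoint resolves a CSS reference only against the open book's own members and refuses anything that carries a scheme or host, an absolute path, a path that climbs out of the container, or a member that does not exist. The function names, the exception type and the sample book are assumptions made for the example.

```python
"""Illustrative hardening for a 'serve the background image' endpoint:
only references that resolve to a file inside the opened book are ever
read, and no network fetch is possible. Added example; this is not the
Calibre patch, which the advisory describes only as URL validation."""
import posixpath
from urllib.parse import unquote, urlparse


class RejectedReference(ValueError):
    """Raised for any reference that would leave the book container."""


def resolve_book_reference(ref: str, base_member: str, members: frozenset) -> str:
    """Map a CSS url() target, relative to base_member (a path inside the
    book), onto a member name; refuse anything that is not in-book."""
    parsed = urlparse(ref.strip())
    if parsed.scheme or parsed.netloc:
        # http://, https://, file://, data:, //host/... -- none may be fetched
        raise RejectedReference(f"non-local reference: {ref!r}")
    if parsed.path == "" or parsed.path.startswith("/"):
        raise RejectedReference(f"absolute or empty path: {ref!r}")
    # Resolve against the referring file's directory, then collapse ../ segments.
    base_dir = posixpath.dirname(base_member)
    resolved = posixpath.normpath(posixpath.join(base_dir, unquote(parsed.path)))
    if resolved == ".." or resolved.startswith("../"):
        raise RejectedReference(f"escapes container: {ref!r}")
    # Backslash or other odd separators simply fail this membership test.
    if resolved not in members:
        raise RejectedReference(f"not in book: {ref!r}")
    return resolved


def is_in_book(ref: str, base_member: str, members: frozenset) -> bool:
    """Boolean form of the check, for callers that only need accept/reject."""
    try:
        resolve_book_reference(ref, base_member, members)
        return True
    except RejectedReference:
        return False


def serve_background_image(ref: str, base_member: str, book: dict) -> bytes:
    """Endpoint body: return the bytes of an in-book image, never fetch a URL.
    `book` maps member names to their contents (constructed stand-in for the
    opened container)."""
    member = resolve_book_reference(ref, base_member, frozenset(book))
    return book[member]


# Constructed sample book: a stylesheet, a chapter, and one image.
SAMPLE_BOOK = {
    "OEBPS/styles.css": b"body { background-image: url('images/paper.png'); }",
    "OEBPS/ch1.xhtml": b"<html><body>hi</body></html>",
    "OEBPS/images/paper.png": b"\x89PNG\r\n\x1a\n",
}

if __name__ == "__main__":
    base = "OEBPS/styles.css"
    for ref in ("images/paper.png", "http://169.254.169.254/latest/meta-data/",
                "../../etc/passwd", "images/missing.png"):
        print(f"{ref!r}: {'served' if is_in_book(ref, base, frozenset(SAMPLE_BOOK)) else 'rejected'}")
```

The important design choice is that the endpoint never takes a URL to fetch; it takes a reference and a base member, and the only thing it can return is bytes already inside the container. A denylist of hosts or schemes would leave room for encoding and redirect tricks, whereas resolving to a known member set leaves nothing to bypass.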
Workarounds
- Restrict Calibre's network access using host-based firewall rules to only allow necessary connections
- Avoid using the web view feature for e-books from untrusted or unknown sources
- Run Calibre in a sandboxed environment with limited network access capabilities
- Implement network segmentation to prevent potential SSRF attacks from reaching sensitive internal resources
# Example: restrict Calibre's network access with iptables (Linux).
# Assumes Calibre runs under a dedicated account named calibre-user; the
# owner match is only valid in the OUTPUT chain, and the ACCEPT rule must be
# appended before the DROP so that loopback traffic is still allowed.
iptables -A OUTPUT -m owner --uid-owner calibre-user -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner calibre-user -j DROP
# Repeat the same two rules with ip6tables, or IPv6 destinations remain reachable.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.