Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-33205

CVE-2026-33205: Calibre E-book Manager SSRF Vulnerability

CVE-2026-33205 is a Server-Side Request Forgery flaw in Calibre e-book manager that enables attackers to perform blind GET requests and exfiltrate data from the ebook sandbox. This article covers technical details, affected versions, impact, and mitigation steps.

Updated:

CVE-2026-33205 Overview

CVE-2026-33205 is a Server-Side Request Forgery (SSRF) vulnerability in Calibre, a cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. The flaw resides in the background-image endpoint of Calibre's web-based e-book reader. An attacker can trigger blind HTTP GET requests to arbitrary URLs from the application context and exfiltrate information out of the e-book sandbox. The vulnerability affects all versions of Calibre prior to 9.6.0, and the maintainer has released 9.6.0 to patch the issue. The weakness is classified under CWE-918: Server-Side Request Forgery.

Critical Impact

A crafted e-book or web view interaction can force Calibre to issue blind GET requests to attacker-chosen URLs, enabling sandbox escape via information exfiltration.

Affected Products

  • Calibre versions prior to 9.6.0
  • Calibre e-book reader web view component
  • background-image endpoint within the reader

Discovery Timeline

  • 2026-03-27 - CVE-2026-33205 published to NVD
  • 2026-03-30 - Last updated in NVD database

Technical Details for CVE-2026-33205

Vulnerability Analysis

The vulnerability lives in the Calibre reader's web view, which serves e-book content through a local HTTP interface. The background-image endpoint accepts a URL parameter and fetches the referenced resource server-side without sufficient validation of the destination. Because the request is issued by Calibre rather than the browser sandbox, the request bypasses same-origin restrictions enforced on e-book content. An attacker who controls e-book content or who can influence the reader's rendered HTML can supply arbitrary URLs to this endpoint. The response is not directly returned to the e-book context, which makes this a blind SSRF, but observable side effects and out-of-band channels still allow exfiltration of data from the sandbox.

Root Cause

The root cause is missing or insufficient destination validation in the background-image handler. The endpoint trusts the user-supplied URL and forwards the request without restricting schemes, hosts, or internal address ranges. This pattern matches CWE-918, where a server component performs outbound requests on behalf of input that an attacker can manipulate.

Attack Vector

Exploitation requires local user interaction with a malicious e-book in the Calibre reader. When the rendered content references the vulnerable background-image endpoint with an attacker-controlled URL, Calibre issues a GET request to that URL outside the e-book sandbox. The attacker can chain blind requests with timing or DNS-based oracles to exfiltrate data, probe loopback services, or reach hosts otherwise unreachable from the sandboxed reader context. No authentication or elevated privilege is required.

No public proof-of-concept code is referenced in the advisory. See the Calibre GitHub Security Advisory GHSA-4926-v9px-wv7v for maintainer-provided technical details.

Detection Methods for CVE-2026-33205

Indicators of Compromise

  • Outbound HTTP GET requests originating from the Calibre process to unexpected external hosts or internal IP ranges.
  • DNS queries from the Calibre host for domains referenced inside opened e-book files.
  • E-book files (.epub, .azw3, .html) containing references to the local reader's background-image endpoint with non-image URL parameters.

Detection Strategies

  • Inspect network telemetry for traffic generated by the calibre binary toward destinations that do not match known update or metadata endpoints.
  • Correlate e-book open events with subsequent outbound connections from the same host within a short time window.
  • Flag requests to the local reader's background-image endpoint whose URL parameter targets non-image content types or internal addresses.

Monitoring Recommendations

  • Log process-level network activity for Calibre across Windows, macOS, and Linux endpoints where the application is installed.
  • Monitor for the installed Calibre version across the fleet and alert on hosts running versions below 9.6.0.
  • Capture DNS resolution requests from user workstations to identify exfiltration channels following e-book imports from untrusted sources.

How to Mitigate CVE-2026-33205

Immediate Actions Required

  • Upgrade all Calibre installations to version 9.6.0 or later.
  • Avoid opening e-books from untrusted sources in vulnerable Calibre versions until patching is complete.
  • Inventory hosts running Calibre and prioritize patching on systems that process externally sourced e-books.

Patch Information

The Calibre maintainer fixed the SSRF in version 9.6.0. Refer to the Calibre GitHub Security Advisory GHSA-4926-v9px-wv7v for the official fix and release notes. Users should obtain the patched build from the official Calibre distribution channels.

Workarounds

  • Restrict outbound network access from workstations that run Calibre using host firewall rules until the upgrade is applied.
  • Open untrusted e-books only on isolated systems or in network-restricted environments.
  • Disable or avoid the in-application web reader view when handling untrusted content, opening such files only with the standalone viewer where feasible.
bash
# Verify installed Calibre version and upgrade where needed
calibre --version

# Example host firewall rule (Linux nftables) restricting Calibre egress to local only
sudo nft add rule inet filter output meta skuid $(id -u) \
  ip daddr != 127.0.0.0/8 tcp dport {80, 443} reject

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.