CVE-2026-33205 Overview
CVE-2026-33205 is a Server-Side Request Forgery (SSRF) vulnerability in Calibre, a cross-platform e-book manager used for viewing, converting, editing, and cataloging e-books. The flaw resides in the background-image endpoint of Calibre's web-based e-book reader. An attacker can trigger blind HTTP GET requests to arbitrary URLs from the application context and exfiltrate information out of the e-book sandbox. The vulnerability affects all versions of Calibre prior to 9.6.0, and the maintainer has released 9.6.0 to patch the issue. The weakness is classified under CWE-918: Server-Side Request Forgery.
Critical Impact
A crafted e-book or web view interaction can force Calibre to issue blind GET requests to attacker-chosen URLs, enabling sandbox escape via information exfiltration.
Affected Products
- Calibre versions prior to 9.6.0
- Calibre e-book reader web view component
- background-image endpoint within the reader
Discovery Timeline
- 2026-03-27 - CVE-2026-33205 published to NVD
- 2026-03-30 - Last updated in NVD database
Technical Details for CVE-2026-33205
Vulnerability Analysis
The vulnerability lives in the Calibre reader's web view, which serves e-book content through a local HTTP interface. The background-image endpoint accepts a URL parameter and fetches the referenced resource server-side without sufficient validation of the destination. Because the request is issued by Calibre rather than the browser sandbox, the request bypasses same-origin restrictions enforced on e-book content. An attacker who controls e-book content or who can influence the reader's rendered HTML can supply arbitrary URLs to this endpoint. The response is not directly returned to the e-book context, which makes this a blind SSRF, but observable side effects and out-of-band channels still allow exfiltration of data from the sandbox.
Root Cause
The root cause is missing or insufficient destination validation in the background-image handler. The endpoint trusts the user-supplied URL and forwards the request without restricting schemes, hosts, or internal address ranges. This pattern matches CWE-918, where a server component performs outbound requests on behalf of input that an attacker can manipulate.
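What the missing check looks like when it is present, as an added example in Python (Calibre's own language): this is not Calibre's code and not the fix shipped in 9.6.0, but a destination validator of the kind any fetch-on-behalf endpoint such as the background-image handler needs. The function names, the allowlisted schemes and image types, and the `DEMO_DNS` table behind `demo_resolver` (a constructed stand-in for DNS so the block runs offline; 93.184.216.34 is used only as an arbitrary non-reserved address) are all assumptions. The contract is the CWE-918 mitigation the root cause calls for: reject non-HTTP schemes, userinfo, and any IP literal or hostname that resolves to loopback, private, link-local or otherwise non-public space, then pin the checked addresses for the actual connection.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical hardened destination check (added example, not Calibre code).
ALLOWED_SCHEMES = {"http", "https"}
IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp", "image/svg+xml"}


class SSRFBlocked(ValueError):
    """Raised when a fetch target fails destination validation."""


def _is_public(ip):
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.8) so the IPv4 range checks apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_target(url, resolver=socket.getaddrinfo):
    """Validate a URL before fetching it on the caller's behalf.

    Returns (host, [pinned address strings]). The fetch should connect to one of
    the pinned addresses (sending `host` as the Host header / TLS SNI) instead of
    resolving again, so a changed DNS answer cannot redirect the request to an
    internal address after the check. Raises SSRFBlocked on any rejection.
    """
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname
    if not host:
        raise SSRFBlocked("missing host")
    if parsed.username is not None or parsed.password is not None:
        raise SSRFBlocked("userinfo in URL is not allowed")
    try:
        port = parsed.port or (443 if scheme == "https" else 80)
    except ValueError as exc:  # port out of range or not numeric
        raise SSRFBlocked(f"bad port: {exc}") from exc

    # IP literals (including bracketed IPv6) are checked directly; names are
    # resolved once and every returned address must pass.
    try:
        candidates = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            raise SSRFBlocked(f"could not resolve {host!r}: {exc}") from exc
        candidates = [ipaddress.ip_address(info[4][0]) for info in infos]
    if not candidates:
        raise SSRFBlocked(f"{host!r} resolved to no addresses")
    for ip in candidates:
        if not _is_public(ip):
            raise SSRFBlocked(f"{host!r} resolves to non-public address {ip}")
    return host, [str(ip) for ip in candidates]


def is_allowed(url, resolver=socket.getaddrinfo):
    """Boolean wrapper around validate_fetch_target."""
    try:
        validate_fetch_target(url, resolver=resolver)
        return True
    except SSRFBlocked:
        return False


def response_is_image(content_type):
    """A background-image endpoint should relay only image bodies: check the
    upstream Content-Type (and re-run validate_fetch_target on any redirect
    target before following it)."""
    return content_type.split(";", 1)[0].strip().lower() in IMAGE_TYPES


# Constructed lookup table standing in for DNS so the example runs offline.
DEMO_DNS = {
    "cdn.example.net": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.8"],   # mixed public/internal answer
    "localhost": ["127.0.0.1"],
    "metadata.example": ["::ffff:169.254.169.254"],    # IPv4-mapped link-local
}


def demo_resolver(host, port, proto=0):
    """getaddrinfo-shaped resolver backed by DEMO_DNS (constructed)."""
    if host not in DEMO_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host!r}")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
            for ip in DEMO_DNS[host]]


if __name__ == "__main__":
    for u in ("https://cdn.example.net/bg.png", "file:///etc/passwd",
              "http://127.0.0.1:8080/", "http://localhost/", "http://[::1]/",
              "http://rebind.example/x", "http://metadata.example/"):
        print(f"{u:36} allowed={is_allowed(u, resolver=demo_resolver)}")
```

Two design points matter more than the list of blocked ranges: every address a name resolves to must pass (a single internal answer mixed in with public ones is a rejection), and the connection must be made to the pinned address rather than by resolving the name a second time.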
Attack Vector
Exploitation requires local user interaction with a malicious e-book in the Calibre reader. When the rendered content references the vulnerable background-image endpoint with an attacker-controlled URL, Calibre issues a GET request to that URL outside the e-book sandbox. The attacker can chain blind requests with timing or DNS-based oracles to exfiltrate data, probe loopback services, or reach hosts otherwise unreachable from the sandboxed reader context. No authentication or elevated privilege is required.
No public proof-of-concept code is referenced in the advisory. See the Calibre GitHub Security Advisory GHSA-4926-v9px-wv7v for maintainer-provided technical details.
Detection Methods for CVE-2026-33205
Indicators of Compromise
- Outbound HTTP GET requests originating from the Calibre process to unexpected external hosts or internal IP ranges.
- DNS queries from the Calibre host for domains referenced inside opened e-book files.
- E-book files (.epub, .azw3, .html) containing references to the local reader's background-image endpoint with non-image URL parameters.
Detection Strategies
- Inspect network telemetry for traffic generated by the calibre binary toward destinations that do not match known update or metadata endpoints.
- Correlate e-book open events with subsequent outbound connections from the same host within a short time window.
- Flag requests to the local reader's background-image endpoint whose URL parameter targets non-image content types or internal addresses.
Monitoring Recommendations
- Log process-level network activity for Calibre across Windows, macOS, and Linux endpoints where the application is installed.
- Monitor for the installed Calibre version across the fleet and alert on hosts running versions below 9.6.0.
- Capture DNS resolution requests from user workstations to identify exfiltration channels following e-book imports from untrusted sources.
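The detection and monitoring bullets above, worked as an added Python example that is not part of this advisory or of any vendor tooling. The telemetry in `SAMPLE_EVENTS` is constructed (a simple timestamp plus key=value format; real endpoint sensors will need their own parser), the `KNOWN_GOOD_DOMAINS` list is an assumption to be extended with the metadata and update hosts a given fleet legitimately uses, and `is_vulnerable_version` assumes `calibre --version` output contains the version as X.Y.Z. The addresses 93.184.216.34/.35 are arbitrary non-reserved sample values.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). One event per line:
# <ISO-8601 UTC timestamp> key=value ...   (values contain no spaces)
SAMPLE_EVENTS = """\
2026-03-28T10:15:02Z host=ws-17 event=file_open process=calibre path=/home/alice/Downloads/novel.epub
2026-03-28T10:15:06Z host=ws-17 event=net_connect process=calibre dst=10.0.0.8 dport=80 dns=intranet.corp.example
2026-03-28T10:15:07Z host=ws-17 event=net_connect process=calibre dst=127.0.0.1 dport=8080 dns=-
2026-03-28T10:15:09Z host=ws-17 event=net_connect process=calibre dst=93.184.216.34 dport=443 dns=oob.example
2026-03-28T10:20:00Z host=ws-17 event=net_connect process=calibre dst=93.184.216.35 dport=443 dns=calibre-ebook.com
2026-03-28T10:21:00Z host=ws-21 event=net_connect process=firefox dst=10.0.0.8 dport=80 dns=intranet.corp.example
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
# Assumed known-good destinations for the Calibre process; extend for your fleet.
KNOWN_GOOD_DOMAINS = {"calibre-ebook.com"}
FIXED_VERSION = (9, 6, 0)


def parse_event(line):
    """Parse one constructed telemetry line into a dict (ts as datetime)."""
    ts, *fields = line.split()
    ev = {"ts": datetime.strptime(ts, TS_FORMAT)}
    for field in fields:
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def is_internal(addr):
    """True for loopback, RFC 1918, link-local and other non-public destinations."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def is_known_good(name, known_good=KNOWN_GOOD_DOMAINS):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in known_good)


def detect(lines, process="calibre", window=timedelta(seconds=30),
           known_good=KNOWN_GOOD_DOMAINS):
    """Return alerts for suspicious outbound connections made by `process`.

    A connection alerts when its destination is internal or not on the
    known-good list; it is marked correlated when it follows a file_open by the
    same process on the same host within `window`.
    """
    last_open = {}  # host -> time of the most recent e-book open
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("process") != process:
            continue
        if ev.get("event") == "file_open":
            last_open[ev["host"]] = ev["ts"]
            continue
        if ev.get("event") != "net_connect":
            continue
        reasons = []
        if is_internal(ev["dst"]):
            reasons.append("internal/loopback destination")
        name = ev.get("dns", "-")
        if name == "-" or not is_known_good(name, known_good):
            reasons.append("destination not on known-good list")
        if not reasons:
            continue
        opened = last_open.get(ev["host"])
        correlated = opened is not None and timedelta(0) <= ev["ts"] - opened <= window
        alerts.append({"ts": ev["ts"].strftime(TS_FORMAT), "host": ev["host"],
                       "dst": ev["dst"], "dport": ev.get("dport"), "dns": name,
                       "reasons": reasons, "correlated_with_open": correlated})
    return alerts


def is_vulnerable_version(version_output):
    """Parse `calibre --version` output (assumed to contain X.Y.Z, e.g.
    'calibre (calibre 9.5.0)') and compare numerically, so that 9.10.0 is
    correctly treated as newer than 9.6.0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if m is None:
        raise ValueError(f"no version found in {version_output!r}")
    return tuple(int(x) for x in m.groups()) < FIXED_VERSION


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
    print("9.5.0 vulnerable:", is_vulnerable_version("calibre (calibre 9.5.0)"))
```

Run against the sample, the three connections that follow the e-book open on ws-17 alert (two internal destinations and one unknown external host, all correlated with the open), the later update-server connection is allowed by the known-good list, and the Firefox connection from ws-21 is ignored because only the Calibre process is in scope.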
How to Mitigate CVE-2026-33205
Immediate Actions Required
- Upgrade all Calibre installations to version 9.6.0 or later.
- Avoid opening e-books from untrusted sources in vulnerable Calibre versions until patching is complete.
- Inventory hosts running Calibre and prioritize patching on systems that process externally sourced e-books.
Patch Information
The Calibre maintainer fixed the SSRF in version 9.6.0. Refer to the Calibre GitHub Security Advisory GHSA-4926-v9px-wv7v for the official fix and release notes. Users should obtain the patched build from the official Calibre distribution channels.
Workarounds
- Restrict outbound network access from workstations that run Calibre using host firewall rules until the upgrade is applied.
- Open untrusted e-books only on isolated systems or in network-restricted environments.
- Disable or avoid the in-application web reader view when handling untrusted content, opening such files only with the standalone viewer where feasible.
# Verify the installed Calibre version; any host reporting a version below 9.6.0 needs the upgrade
calibre --version
# Example host firewall rule (Linux nftables). nftables cannot match on process name, so the rule
# is scoped by socket owner: it rejects outbound HTTP/HTTPS from sockets owned by the current user
# (the account that runs Calibre) to any non-loopback IPv4 destination. It assumes an existing
# "inet filter" table with an "output" chain, and does not cover IPv6 or other ports such as DNS.
sudo nft add rule inet filter output meta skuid $(id -u) \
    ip daddr != 127.0.0.0/8 tcp dport {80, 443} reject
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


