Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-53511

CVE-2026-53511: Calibre E-Book Manager RCE Vulnerability

CVE-2026-53511 is a remote code execution flaw in Calibre e-book manager allowing malicious EPUB, OPF, or PDF files to execute arbitrary Python code. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2026-53511 Overview

CVE-2026-53511 is a code injection vulnerability in calibre, an open-source e-book manager. Versions prior to 9.10.0 evaluate untrusted Python templates embedded in book metadata. A malicious EPUB, OPF, or PDF file can embed a custom column definition with a python: template inside the calibre:user_metadata field. When calibre reads the metadata during Add books or Edit books workflows, the template is passed unsanitized to exec() in the template formatter, resulting in arbitrary Python code execution in the user context. The issue is tracked as [CWE-94] Improper Control of Generation of Code and is fixed in calibre 9.10.0.

Critical Impact

Opening or importing a crafted e-book file allows an attacker to execute arbitrary Python code on the victim's machine with the privileges of the calibre user.

Affected Products

  • calibre e-book manager versions prior to 9.10.0
  • All platforms supported by calibre (Windows, macOS, Linux)
  • EPUB, OPF, and PDF file processing paths that read metadata

Discovery Timeline

  • 2026-07-07 - CVE-2026-53511 published to NVD
  • 2026-07-09 - Last updated in NVD database

Technical Details for CVE-2026-53511

Vulnerability Analysis

Calibre supports a template language that can include Python code prefixed with python:. Templates are normally intended for user-defined composite columns configured by the local user. The vulnerable code path in src/calibre/ebooks/metadata/book/base.py invokes self.formatter.safe_format() on the composite_template field of user metadata read from the book file, without disabling Python template evaluation. Because the calibre:user_metadata block is parseable from EPUB, OPF, and PDF containers, an attacker can supply attacker-controlled composite column definitions that reach exec() in the formatter.

Exploitation requires only that the victim add or edit a malicious book in the calibre library. No further interaction with the metadata or column is needed.

Root Cause

The formatter previously honored the python: template prefix regardless of the source of the template string. The metadata reader treated fields from within the book file as trusted configuration data. This trust boundary violation permitted attacker-controlled strings to reach a Python interpreter through the composite template evaluation path.

Attack Vector

An attacker crafts an EPUB, OPF, or PDF file containing a calibre:user_metadata element that defines a composite column whose template begins with python: followed by arbitrary Python. When the victim imports or edits the file, calibre parses the metadata, invokes safe_format(), and evaluates the template. The payload executes with the calibre process privileges and can read files, spawn processes, or persist on the host.

python
# Security patch in src/calibre/ebooks/metadata/book/base.py
# Disallow Python templates when reading book metadata
if val is None and d['datatype'] == 'composite':
    from calibre.utils.formatter import TEMPLATE_ERROR
    d['#value#'] = 'RECURSIVE_COMPOSITE FIELD (Metadata) ' + field
    # Python templates must be disallowed as they can come from
    # untrusted sources (book metadata)
    orig = self.formatter.allow_python_templates
    self.formatter.allow_python_templates = False
    try:
        val = d['#value#'] = self.formatter.safe_format(
                                d['display']['composite_template'],
                                self,
                                TEMPLATE_ERROR,
                                self, column_name=field,
                                template_cache=self.template_cache).strip()
    finally:
        self.formatter.allow_python_templates = orig
# Source: https://github.com/kovidgoyal/calibre/commit/712f4e1ff5c1e798c335bef3bacc4efdee052e9c

The fix introduces an allow_python_templates flag on the formatter and forces it to False when composite templates originate from book metadata. See the calibre security patch commit for the complete change set.

Detection Methods for CVE-2026-53511

Indicators of Compromise

  • EPUB, OPF, or PDF files containing a calibre:user_metadata element with a composite_template value starting with python:.
  • Unexpected child processes spawned by the calibre GUI or calibredb (for example python, cmd.exe, powershell.exe, /bin/sh).
  • Outbound network connections initiated by the calibre process immediately after a book import.
  • New files written to user home directories or autostart locations shortly after Add books or Edit books operations.

Detection Strategies

  • Scan e-book files at ingest for the string calibre:user_metadata combined with python: inside composite template definitions.
  • Alert on process ancestry where calibre binaries launch scripting interpreters or shells.
  • Correlate calibre executions with subsequent file writes to sensitive directories using EDR telemetry.

Monitoring Recommendations

  • Track calibre version inventory across endpoints and flag hosts running versions earlier than 9.10.0.
  • Log and review all uses of Add books and Edit books when sourcing files from untrusted locations such as email attachments or downloads.
  • Baseline normal calibre process behavior and alert on deviations such as network egress or child process creation.

How to Mitigate CVE-2026-53511

Immediate Actions Required

  • Upgrade calibre to version 9.10.0 or later on all endpoints where it is installed.
  • Do not import EPUB, OPF, or PDF files received from untrusted sources until the upgrade is applied.
  • Review recently imported books for suspicious calibre:user_metadata payloads and remove affected entries.
  • Investigate any host that opened a suspect file for signs of post-exploitation activity.

Patch Information

The fix is available in calibre release v9.10.0. Full technical details are documented in GitHub Security Advisory GHSA-2j4m-2q7x-2c47.

Workarounds

  • Restrict calibre usage to trusted e-book sources until patching is complete.
  • Run calibre inside a sandbox or dedicated low-privilege user account to limit blast radius.
  • Block execution of scripting interpreters spawned as children of calibre using endpoint application control policies.
bash
# Verify calibre version on Linux/macOS after upgrade
calibre --version

# Windows PowerShell inventory check
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
  Where-Object { $_.DisplayName -like 'calibre*' } |
  Select-Object DisplayName, DisplayVersion

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.