Path Traversal in Kovidgoyal Calibre

CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based file…

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Kovidgoyal Calibre — versions < 9.6.0

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-h3p4-m74f-43g6 (x_refsource_CONFIRM)