RCE in Kovidgoyal Calibre

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition wi…

Vulnerability class: RCE (Remote Code Execution)

Affected products

Weakness classification (CWE)

References