RCE in Kovidgoyal Calibre
CVE-2026-53511
calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition wi…
Vulnerability class: RCE (Remote Code Execution)
Affected products
- Kovidgoyal Calibre — versions < 9.10.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)