CVE-2026-33205 — MEDIUM (5.5)

Q: How severe is CVE-2026-33205?

CVE-2026-33205 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-33205?

Check the references section above for vendor advisories and patch information. Affected products include: Calibre-Ebook Calibre.

Vulnerability Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Calibre-Ebook	Calibre	< 9.6.0

Related Weaknesses (CWE)

CWE-918

References

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7vExploitVendor Advisory

FAQ

What is CVE-2026-33205?

CVE-2026-33205 is a vulnerability with a CVSS score of 5.5 (MEDIUM). calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoin...

How severe is CVE-2026-33205?

CVE-2026-33205 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-33205?

Check the references section above for vendor advisories and patch information. Affected products include: Calibre-Ebook Calibre.