2437936 – (CVE-2026-25635) CVE-2026-25635 calibre: Calibre: Remote Code Execution via path traversal in CHM reader

Bug 2437936 (CVE-2026-25635) - CVE-2026-25635 calibre: Calibre: Remote Code Execution via path traversal in CHM reader

Summary: CVE-2026-25635 calibre: Calibre: Remote Code Execution via path traversal in ...

Keywords:
Status:	NEW
Alias:	CVE-2026-25635
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2437955 2437958
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-09 11:14 UTC by OSIDB Bzimport
Modified:	2026-02-09 12:47 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-09 11:14:56 UTC

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

Note You need to log in before you can comment on or make changes to this bug.