ByteOS Network

CVE Vulnerability Details :

CVE-2026-27810

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-27 Feb, 2026 | 19:44

Updated At-27 Feb, 2026 | 19:44

▼CVE Numbering Authority (CNA)

calibre Vulnerable to HTTP Response Header Injection

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.

Affected Products

Vendor

kovidgoyal

Product

calibre

Versions

Affected

< 9.4.0

Problem Types

Type	CWE ID	Description
CWE	CWE-113	CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Type: CWE

CWE ID: CWE-113

Description: CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Version: 3.1

Base score: 6.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References

Hyperlink	Resource
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw	x_refsource_CONFIRM

Hyperlink: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw

Resource:

x_refsource_CONFIRM

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References