CVE-2026-25731

{"id": "CVE-2026-25731", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-02-06T21:16:19.457", "references": [{"url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."}, {"lang": "es", "value": "calibre es un gestor de libros electr\u00f3nicos. Antes de la versi\u00f3n 9.2.0, una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor (SSTI) en el motor de plantillas Templite de Calibre permite la ejecuci\u00f3n de c\u00f3digo arbitrario cuando un usuario convierte un libro electr\u00f3nico utilizando un archivo de plantilla personalizado malicioso a trav\u00e9s de las opciones de l\u00ednea de comandos --template-html o --template-html-index. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 9.2.0."}], "lastModified": "2026-02-17T21:18:56.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "264BDA56-70BE-4FCE-96AD-7F9D1BA0FB54", "versionEndExcluding": "9.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}