CVE-2024-6782

CRITICAL EXPLOITED NUCLEI

Calibre 6.9.0-7.14.0 - Unauthenticated RCE

Title source: llm

Exploitation Summary

CVE-2024-6782 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including zangjiahe, 0xB0y426, NketiahGodfred, including a Metasploit module exploits/multi/misc/calibre_exec. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits an improper access control vulnerability in Calibre (CVE-2024-6782) to achieve unauthenticated remote code execution via a crafted JSON payload sent to the `/cdb/cmd/list` endpoint. The payload injects Python code that executes arbitrary commands using `subprocess`.

Description

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

Exploits (5)

nomisec WORKING POC 6 stars

by zangjiahe · remote

https://github.com/zangjiahe/CVE-2024-6782

View Code ZIP pw:eip

This PoC exploits an improper access control vulnerability in Calibre (CVE-2024-6782) to achieve unauthenticated remote code execution via a crafted JSON payload sent to the `/cdb/cmd/list` endpoint. The payload injects Python code that executes arbitrary commands using `subprocess`.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Calibre 6.9.0 to 7.14.0

No auth needed

Prerequisites: Network access to Calibre's web interface (port 8080 by default) · Calibre version between 6.9.0 and 7.14.0

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by 0xB0y426 · remote

https://github.com/0xB0y426/CVE-2024-6782-PoC

View Code ZIP pw:eip

This PoC exploits an unauthenticated remote code execution vulnerability in Calibre's content server (CVE-2024-6782) by injecting a Python payload via the `/cdb/cmd/list` endpoint. The payload executes arbitrary commands using `subprocess.check_output` on both Windows and Unix-like systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Calibre <= 7.14.0

No auth needed

Prerequisites: Network access to the Calibre content server · Target running Calibre <= 7.14.0

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by NketiahGodfred · remote

https://github.com/NketiahGodfred/CVE-2024-6782

View Code ZIP pw:eip

This exploit leverages a Python-based template injection vulnerability in the target software to achieve remote code execution (RCE). It sends a crafted JSON payload via a POST request to execute arbitrary shell commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unknown (likely a web application with a vulnerable template engine)

No auth needed

Prerequisites: Target must be reachable via HTTP · Target must have a vulnerable endpoint at /cdb/cmd/list · Target must have Python subprocess module accessible

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by jdpsl · remote

https://github.com/jdpsl/CVE-2024-6782

View Code ZIP pw:eip

This PoC exploits an improper access control vulnerability in Calibre (CVE-2024-6782) to achieve remote code execution via a crafted JSON payload sent to the `/cdb/cmd/list` endpoint. The payload injects Python code to execute system commands (`whoami`) on the target.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Calibre 6.9.0 ~ 7.14.0

No auth needed

Prerequisites: Network access to the target's Calibre server on port 8080

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Amos Ng, Michael Heinzl · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/calibre_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a Python code injection vulnerability in Calibre's Content Server (CVE-2024-6782) by sending a malicious JSON payload to execute arbitrary commands via subprocess calls. It supports both Windows and Linux targets with different payload types.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Calibre v6.9.0 - v7.15.0

No auth needed

Prerequisites: Calibre Content Server enabled and accessible on port 8080 · Network access to the target

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Calibre <= 7.14.0 Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDK

Shodan: html:"Calibre"

FOFA: Server: calibre

References (2)

Core 2

Core References

Various Sources third-party-advisory

https://starlabs.sg/advisories/24/24-6782/

Patch patch

https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.9384

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-01-20

CWE

CWE-863

Status published

Products (1)

Calibre/Calibre 6.9.0 - 7.14.0

Published Aug 06, 2024

Tracked Since Feb 18, 2026