CVE-2026-27810

MEDIUM

calibre <9.4.0 - HTTP Response Header Injection

Title source: llm

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized `content_disposition` query parameter in the `/get/` and `/data-files/get/` endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.

References (1)

[Vendor Advisory] https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw

Scores

CVSS v3 6.4

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-113

Status published

Products (1)

calibre-ebook/calibre < 9.4.0

Published Feb 27, 2026

Tracked Since Feb 28, 2026