EIP-2026-118344

PRE-CVE

Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118344. PoCs published by waraxe.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability and a cross-site scripting (XSS) vulnerability in Calibre 0.7.34. The directory traversal allows arbitrary file reading via path manipulation, while the XSS allows arbitrary script execution in the context of the affected site.

Description

Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED
by waraxe · textremotewindows
https://www.exploit-db.com/exploits/35130

The exploit demonstrates a directory traversal vulnerability and a cross-site scripting (XSS) vulnerability in Calibre 0.7.34. The directory traversal allows arbitrary file reading via path manipulation, while the XSS allows arbitrary script execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Calibre 0.7.34
No auth needed
Prerequisites: Access to the Calibre web interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026