{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30853", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-05T21:27:35.341Z", "datePublished": "2026-03-13T19:00:09.925Z", "dateUpdated": "2026-03-13T19:42:26.573Z"}, "containers": {"cna": {"title": "calibre has a Path Traversal Leading to Arbitrary File Write", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x"}], "affected": [{"vendor": "kovidgoyal", "product": "calibre", "versions": [{"version": "< 9.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T19:00:09.925Z"}, "descriptions": [{"lang": "en", "value": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0."}], "source": {"advisory": "GHSA-7mp7-rfrg-542x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:42:19.321037Z", "id": "CVE-2026-30853", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:42:26.573Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30853", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T19:42:19.321037Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:42:23.416Z"}}], "cna": {"title": "calibre has a Path Traversal Leading to Arbitrary File Write", "source": {"advisory": "GHSA-7mp7-rfrg-542x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "kovidgoyal", "product": "calibre", "versions": [{"status": "affected", "version": "< 9.5.0"}]}], "references": [{"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x", "name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T19:00:09.925Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30853", "state": "PUBLISHED", "dateUpdated": "2026-03-13T19:42:26.573Z", "dateReserved": "2026-03-05T21:27:35.341Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T19:00:09.925Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*", "matchCriteriaId": "973916AB-8FDD-411A-8AA0-F32688DD1C2E", "versionEndExcluding": "9.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0."}], "id": "CVE-2026-30853", "lastModified": "2026-03-18T14:01:22.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-13T19:54:35.077", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "calibre: Calibre: Arbitrary file write via crafted RocketBook (.rb) file", "id": "2447437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447437"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in Calibre, an e-book manager. A path traversal vulnerability in the RocketBook (.rb) input plugin allows an attacker to write arbitrary files to any location accessible by the Calibre process. This can be exploited when a user opens or converts a specially crafted .rb file, potentially leading to information disclosure, denial of service, or arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, users should avoid opening or converting untrusted RocketBook (.rb) files with calibre. Processing untrusted files can lead to arbitrary file writes on the system."}, "name": "CVE-2026-30853", "public_date": "2026-03-13T19:00:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-30853\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-30853\nhttps://github.com/kovidgoyal/calibre/security/advisories/GHSA-7mp7-rfrg-542x"], "statement": "This vulnerability has a MODERATE impact. A path traversal flaw in the RocketBook (.rb) input plugin of calibre allows an attacker to write arbitrary files to locations writable by the calibre process. This issue occurs when a user opens or converts a specially crafted .rb file.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "calibre", "source": "cna", "vendor": "kovidgoyal"}, "product": "calibre", "vendor": "kovidgoyal"}], "analysis": {"en": {"generated_at": "2026-03-18T15:28:29.571074+00:00", "value": {"mitigation_remediation": ["Update to calibre 9.5.0 or later."], "summary": {"action": "Patch Now", "impact": "Arbitrary File Write"}, "threat_synthesis": {"affected_systems": "The product affected is kovidgoyal:calibre, available as calibre-ebook:calibre. All releases before version 9.5.0 are vulnerable. The issue is present across all supported operating systems as calibre is cross-platform.", "description_and_impact": "Calibre versions prior to 9.5.0 contain a path traversal flaw in the RocketBook (.rb) input plugin that allows an attacker to write arbitrary files to any location writable by the calibre process when a user opens or converts a crafted .rb file. This weakness, classified as CWE-22, enables malicious code to create or overwrite files, potentially compromising the confidentiality and integrity of the system or affecting exposed resources. The flaw does not provide remote code execution but can be used to write malicious binaries, configuration files, or other payloads that may be executed later by the user or privileged processes.", "risk_and_exploitability": "The CVSS score of 5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a user to open a specifically crafted .rb file, so the attack vector is local and user-interactive. While the impact is limited to environments where calibre runs with elevated or system-level privileges, the lack of remote exploitation reduces overall risk for typical deployments."}}}}, "created": "2026-03-16T09:24:32.161442+00:00", "updated": "2026-03-23T13:40:23.964862+00:00", "vendors": ["kovidgoyal", "kovidgoyal$PRODUCT$calibre"]}