CVE-2026-33205 | kovidgoyal calibre up to 9.5.x background-image Endpoint server-side request forgery

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability identified as critical has been detected in kovidgoyal calibre up to 9.5.x. Affected by this issue is some unknown functionality of the component background-image Endpoint. The manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-33205. Remote exploitation of the attack is possible. No exploit is available.

You should upgrade the affected component.

CVE-2026-33205 | kovidgoyal calibre up to 9.5.x background-image Endpoint server-side request forgery

Post correlati

CVE-2024-23633 | HumanSignal label-studio up to 1.10.0 Avatar Image data_import/uploader.py cross site scripting (GHSA-fq23-g58m-799r)

CVE-2023-6446 | Calculated Fields Form Plugin up to 1.2.40 on WordPress cross site scripting

CVE-2023-49539 | Book Store Management System 1.0 category cross site scripting

CVE-2025-8019 | Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6 at/appy.cgi sub_40B6F0 wan_proto buffer overflow