UBUNTU-CVE-2026-27810

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-27810

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-27810

Upstream

CVE-2026-27810

Published

2026-02-27T20:21:00Z

Modified

2026-03-05T19:19:25.425596Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized content_disposition query parameter in the /get/ and /data-files/get/ endpoints. All users running the calibre Content Server with authentication enabled are affected. The vulnerability is exploitable by any authenticated user and can also be triggered by tricking an authenticated victim into clicking a crafted link. Version 9.4.0 contains a fix for the issue.

References

Affected packages

Ubuntu:16.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre@2.55.0+dfsg-1ubuntu0.2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.33.0+dfsg-1build1

2.38.0+dfsg-1

2.45.0+dfsg-1

2.45.0+dfsg-1build1

2.48.0+dfsg-1

2.48.0+dfsg-1build1

2.54.0+dfsg-1

2.55.0+dfsg-1

2.55.0+dfsg-1ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.55.0+dfsg-1ubuntu0.2",
            "binary_name": "calibre"
        },
        {
            "binary_version": "2.55.0+dfsg-1ubuntu0.2",
            "binary_name": "calibre-bin"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json"

Ubuntu:18.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre@3.21.0+dfsg-1build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.0+dfsg-2

3.7.0+dfsg-2build1

3.12.0+dfsg-1

3.13.0+dfsg-1

3.14.0+dfsg-1

3.15.0.1+dfsg-1

3.16.0+dfsg-1

3.16.0+dfsg-1build1

3.17.0+dfsg-1

3.17.0+dfsg-2

3.18.0+dfsg-1build1

3.19.0+dfsg-1

3.20.0+dfsg-1

3.21.0+dfsg-1

3.21.0+dfsg-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.21.0+dfsg-1build1",
            "binary_name": "calibre"
        },
        {
            "binary_version": "3.21.0+dfsg-1build1",
            "binary_name": "calibre-bin"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json"

Ubuntu:20.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre@4.99.4+dfsg+really4.12.0-1ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.46.0+dfsg-1

4.*

4.2.0+dfsg-2

4.3.0+dfsg-1

4.3.0+dfsg-2

4.4.0+dfsg-1

4.5.0+dfsg-1

4.5.0+dfsg-2

4.5.0+dfsg-3

4.6.0+dfsg-1

4.7.0+dfsg-1

4.99.3+dfsg-2

4.99.4+dfsg-1

4.99.4+dfsg-1build1

4.99.4+dfsg+really4.10.0+py3-2

4.99.4+dfsg+really4.11.2-1

4.99.4+dfsg+really4.11.2-1build1

4.99.4+dfsg+really4.12.0-1

4.99.4+dfsg+really4.12.0-1build1

4.99.4+dfsg+really4.12.0-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.99.4+dfsg+really4.12.0-1ubuntu1",
            "binary_name": "calibre"
        },
        {
            "binary_version": "4.99.4+dfsg+really4.12.0-1ubuntu1",
            "binary_name": "calibre-bin"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json"

Ubuntu:22.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre@5.37.0+dfsg-1build1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.25.0+dfsg-2

5.33.2+dfsg-1

5.34.0+dfsg-1

5.35.0+dfsg-1ubuntu2

5.37.0+dfsg-1

5.37.0+dfsg-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.37.0+dfsg-1build1",
            "binary_name": "calibre"
        },
        {
            "binary_version": "5.37.0+dfsg-1build1",
            "binary_name": "calibre-bin"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json"

Ubuntu:24.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre@7.6.0+ds-1build1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.24.0+ds-1

6.29.0+ds-1

7.*

7.0.0+ds-1

7.1.0+ds-1

7.1.0+ds-2

7.2.0+ds-1

7.2.0+ds-1build1

7.3.0+ds-1

7.4.0+ds-1

7.5.1+ds-1

7.5.1+ds-2

7.5.1+ds-3

7.6.0+ds-1

7.6.0+ds-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.6.0+ds-1build1",
            "binary_name": "calibre"
        },
        {
            "binary_version": "7.6.0+ds-1build1",
            "binary_name": "calibre-bin"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json"

Ubuntu:25.10

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre@8.8.0+ds-3build1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.26.0+ds-4build1

8.*

8.3.0+ds-1

8.4.0+ds-1

8.5.0+ds-1

8.6.0+ds-1

8.7.0+ds-1

8.8.0+ds-2

8.8.0+ds-3

8.8.0+ds-3build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.8.0+ds-3build1",
            "binary_name": "calibre"
        },
        {
            "binary_version": "8.8.0+ds-3build1",
            "binary_name": "calibre-bin"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27810.json"