UBUNTU-CVE-2026-33205

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-33205

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-33205

Upstream

CVE-2026-33205

Published

2026-03-27T15:16:00Z

Modified

2026-05-20T16:25:26.996074555Z

Severity

4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.

References

Affected packages

Ubuntu:16.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.33.0+dfsg-1build1

2.38.0+dfsg-1

2.45.0+dfsg-1

2.45.0+dfsg-1build1

2.48.0+dfsg-1

2.48.0+dfsg-1build1

2.54.0+dfsg-1

2.55.0+dfsg-1

2.55.0+dfsg-1ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "2.55.0+dfsg-1ubuntu0.2"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "2.55.0+dfsg-1ubuntu0.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"

Ubuntu:18.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.0+dfsg-2

3.7.0+dfsg-2build1

3.12.0+dfsg-1

3.13.0+dfsg-1

3.14.0+dfsg-1

3.15.0.1+dfsg-1

3.16.0+dfsg-1

3.16.0+dfsg-1build1

3.17.0+dfsg-1

3.17.0+dfsg-2

3.18.0+dfsg-1build1

3.19.0+dfsg-1

3.20.0+dfsg-1

3.21.0+dfsg-1

3.21.0+dfsg-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "3.21.0+dfsg-1build1"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "3.21.0+dfsg-1build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"

Ubuntu:20.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.46.0+dfsg-1

4.*

4.2.0+dfsg-2

4.3.0+dfsg-1

4.3.0+dfsg-2

4.4.0+dfsg-1

4.5.0+dfsg-1

4.5.0+dfsg-2

4.5.0+dfsg-3

4.6.0+dfsg-1

4.7.0+dfsg-1

4.99.3+dfsg-2

4.99.4+dfsg-1

4.99.4+dfsg-1build1

4.99.4+dfsg+really4.10.0+py3-2

4.99.4+dfsg+really4.11.2-1

4.99.4+dfsg+really4.11.2-1build1

4.99.4+dfsg+really4.12.0-1

4.99.4+dfsg+really4.12.0-1build1

4.99.4+dfsg+really4.12.0-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "4.99.4+dfsg+really4.12.0-1ubuntu1"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "4.99.4+dfsg+really4.12.0-1ubuntu1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"

Ubuntu:22.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.25.0+dfsg-2

5.33.2+dfsg-1

5.34.0+dfsg-1

5.35.0+dfsg-1ubuntu2

5.37.0+dfsg-1

5.37.0+dfsg-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "5.37.0+dfsg-1build1"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "5.37.0+dfsg-1build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"

Ubuntu:24.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.24.0+ds-1

6.29.0+ds-1

7.*

7.0.0+ds-1

7.1.0+ds-1

7.1.0+ds-2

7.2.0+ds-1

7.2.0+ds-1build1

7.3.0+ds-1

7.4.0+ds-1

7.5.1+ds-1

7.5.1+ds-2

7.5.1+ds-3

7.6.0+ds-1

7.6.0+ds-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "7.6.0+ds-1build1"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "7.6.0+ds-1build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"

Ubuntu:25.10

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.26.0+ds-4build1

8.*

8.3.0+ds-1

8.4.0+ds-1

8.5.0+ds-1

8.6.0+ds-1

8.7.0+ds-1

8.8.0+ds-2

8.8.0+ds-3

8.8.0+ds-3build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "8.8.0+ds-3build1"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "8.8.0+ds-3build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"

Ubuntu:26.04:LTS

calibre

Package

Name: calibre
Purl: pkg:deb/ubuntu/calibre?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.8.0+ds-3build1

8.13.0+ds+~0.10.5-3

8.14.0+ds+~0.10.5-1

8.15.0+ds+~0.10.5-1

8.16.0+ds+~0.10.5-2

8.16.2+ds+~0.10.5-1

8.16.2+ds+~0.10.5-2

8.16.2+ds+~0.10.5-3

9.*

9.2.1+ds+~0.10.5-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "calibre",
            "binary_version": "9.2.1+ds+~0.10.5-2build1"
        },
        {
            "binary_name": "calibre-bin",
            "binary_version": "9.2.1+ds+~0.10.5-2build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33205.json"