Path Traversal Vulnerability in calibre E-Book Manager by Kovid Goyal
CVE-2026-30853

5 MEDIUM

Key Information:

Vendor: Kovidgoyal

CVE Published: 13 March 2026

What is CVE-2026-30853?

calibre, a popular cross-platform e-book manager, has a path traversal vulnerability in its RocketBook (.rb) input plugin in versions prior to 9.5.0. A specially crafted .rb file lets an attacker write arbitrary files to any directory writable by the calibre process. The flaw mirrors the issue previously addressed in CVE-2026-26065, which was not fixed in the RB reader. Users are advised to upgrade to version 9.5.0 or later.

Affected Version(s)

calibre < 9.5.0

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved