Arbitrary Code Execution Vulnerability in Calibre eBook Manager
CVE-2026-53511
8.5HIGH
What is CVE-2026-53511?
The Calibre eBook Manager is susceptible to an arbitrary code execution vulnerability when processing specially crafted EPUB, OPF, or PDF files. Versions prior to 9.10.0 fail to properly sanitize metadata input, enabling attackers to embed malicious Python code within custom column definitions. When a user adds or edits books, this unsanitized template can be executed through the exec() function, potentially compromising the system's security. Users are advised to upgrade to version 9.10.0 or later to mitigate this risk.
Affected Version(s)
calibre < 9.10.0
