Remote Code Execution Vulnerability in Koodo Reader
CVE-2026-55408

8.4HIGH

Key Information:

Vendor
CVE Published:
7 July 2026

What is CVE-2026-55408?

Koodo Reader, an ebook reader application, is susceptible to remote code execution vulnerabilities in versions 2.3.0 and earlier. This issue arises due to the open-book IPC handler enabling nodeIntegrationInSubFrames and the use of unsanitized innerHTML to render EPUB chapter content. A crafted EPUB file can exploit this vulnerability, allowing attackers to execute arbitrary operating system commands with the privileges of the victim user when the file is imported and opened. Users are advised to upgrade to version 2.3.1 or later to mitigate this risk.

Affected Version(s)

koodo-reader < 2.3.1

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.