Remote Code Execution Vulnerability in Koodo Reader
CVE-2026-55408
8.4HIGH
What is CVE-2026-55408?
Koodo Reader, an ebook reader application, is susceptible to remote code execution vulnerabilities in versions 2.3.0 and earlier. This issue arises due to the open-book IPC handler enabling nodeIntegrationInSubFrames and the use of unsanitized innerHTML to render EPUB chapter content. A crafted EPUB file can exploit this vulnerability, allowing attackers to execute arbitrary operating system commands with the privileges of the victim user when the file is imported and opened. Users are advised to upgrade to version 2.3.1 or later to mitigate this risk.
Affected Version(s)
koodo-reader < 2.3.1
