CVE-2026-27810 | kovidgoyal calibre up to 9.3.x HTTP Response Header /get/ content_disposition response splitting (GHSA-5fpj-fxw7-8grw)

A vulnerability labeled as critical has been found in kovidgoyal calibre up to 9.3.x. This affects an unknown part of the file /get/ of the component HTTP Response Header Handler. Such manipulation of the argument content_disposition leads to http response splitting.

This vulnerability is listed as CVE-2026-27810. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More