Filtered by vendor Koodo-reader Subscriptions
Filtered by product Koodo-reader Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-55408 1 Koodo-reader 1 Koodo-reader 2026-07-10 N/A
Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can craft an EPUB book that, when imported and opened by the victim, instantiates a hidden iframe with Node.js API access and executes arbitrary operating system commands with the victim user's privileges. This issue is fixed in version 2.3.1.