CVE-2026-27824: CWE-307: Improper Restriction of Excessive Authentication Attempts in kovidgoyal calibre
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both `remote_addr` and the `X-Forwarded-For` header. Since the `X-Forwarded-For` header is read directly from the HTTP request without any validation or trusted-proxy configuration, an attacker can bypass IP-based bans by simply changing or adding this header, rendering the brute-force protection completely ineffective. This is particularly dangerous for calibre servers exposed to the internet, where brute-force protection is the primary defense against credential stuffing and password guessing attacks. Version 9.4.0 contains a fix for the issue.
AI Analysis
Technical Summary
Calibre is a widely used cross-platform e-book management application that includes a Content Server for remote access to e-book libraries. Prior to version 9.4.0, the Content Server implemented brute-force protection by banning clients after excessive failed authentication attempts. The ban key was derived from the client's remote IP address combined with the value of the X-Forwarded-For HTTP header. However, the server read the X-Forwarded-For header directly from the incoming request without checking whether the request had arrived through a trusted proxy. Because any client can set arbitrary request headers, an attacker can supply a different X-Forwarded-For value on each attempt and obtain a fresh ban key every time, so the IP ban is never reached. Consequently, the brute-force protection can be bypassed, enabling unlimited password guessing or credential stuffing against the server. This vulnerability is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-346 (Origin Validation Error). It affects all calibre Content Server instances exposed to the internet running versions earlier than 9.4.0. Exploitation requires neither authentication nor user interaction, and no exploits are currently observed in the wild. The vendor addressed the flaw in version 9.4.0 by properly validating or restricting the use of the X-Forwarded-For header to trusted proxies only, restoring the effectiveness of the brute-force protection.
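The following is an added illustration, not calibre's own code, of the two ways a login rate limiter can derive its ban key: the pre-9.4.0 shape the advisory describes (remote address mixed with the raw X-Forwarded-For value) beside a trusted-proxy-aware replacement. The function names, the `TRUSTED_PROXIES` set and the sample request list are assumptions constructed for the example; calibre's real internals, configuration keys and fix are not reproduced here.

```python
"""Ban-key derivation for a login rate limiter.

Added example (not calibre's code). TRUSTED_PROXIES, the function names and
the sample requests below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict
from typing import Iterable, List, Optional, Set, Tuple

# Hypothetical operator configuration: TCP peers that are allowed to set
# X-Forwarded-For. An empty set means "nothing in front of us, never trust it".
TRUSTED_PROXIES: Set[str] = {"10.0.0.5"}


def vulnerable_ban_key(remote_addr: str, xff: Optional[str]) -> str:
    """Pre-fix shape: the raw header is part of the key, so a client that
    varies X-Forwarded-For gets a new key on every attempt (CWE-346)."""
    return f"{remote_addr}|{xff or ''}"


def _parse_ip(text: str) -> Optional[str]:
    """Normalise one X-Forwarded-For hop; None if it is not an IP literal."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def client_ip(remote_addr: str, xff: Optional[str],
              trusted: Set[str] = TRUSTED_PROXIES) -> str:
    """Hardened key: honour X-Forwarded-For only when the TCP peer is a
    configured trusted proxy, then walk the chain from the right, skipping
    trusted hops, so the result is the address a trusted proxy actually saw.
    Unparsable hops are ignored; with no trustworthy hop, fall back to the peer."""
    if remote_addr not in trusted or not xff:
        return remote_addr
    hops = [h for h in (_parse_ip(p) for p in xff.split(",")) if h]
    for hop in reversed(hops):
        if hop not in trusted:
            return hop
    return remote_addr  # every hop was one of our proxies; nothing else to trust


class FailureCounter:
    """Minimal ban bookkeeping: a key is banned after `limit` failed logins."""

    def __init__(self, limit: int = 3) -> None:
        self.limit = limit
        self.failures = defaultdict(int)

    def record_failure(self, key: str) -> None:
        self.failures[key] += 1

    def is_banned(self, key: str) -> bool:
        return self.failures[key] >= self.limit


def simulate(key_fn, attempts: Iterable[Tuple[str, Optional[str]]]
             ) -> Tuple[int, Set[str]]:
    """Run failed attempts through key_fn; return (distinct keys, banned keys)."""
    counter = FailureCounter(limit=3)
    for remote_addr, xff in attempts:
        counter.record_failure(key_fn(remote_addr, xff))
    banned = {k for k in counter.failures if counter.is_banned(k)}
    return len(counter.failures), banned


# Constructed sample: one direct (non-proxy) peer, five failed logins, each
# carrying a different self-chosen X-Forwarded-For value.
ATTEMPTS: List[Tuple[str, Optional[str]]] = [
    ("203.0.113.9", f"198.51.100.{i}") for i in range(1, 6)
]

if __name__ == "__main__":
    print("vulnerable:", simulate(vulnerable_ban_key, ATTEMPTS))  # 5 keys, none banned
    print("hardened:  ", simulate(client_ip, ATTEMPTS))           # 1 key, banned
    print("via proxy: ", client_ip("10.0.0.5", "1.2.3.4, 198.51.100.7"))
```

With the hardened key, a direct client's header is ignored entirely, and a client behind the trusted proxy is identified by the hop the proxy appended rather than by whatever it put in the header itself. The trusted-proxy list only helps if the Content Server is reachable solely through those proxies; if clients can also connect to it directly, the direct path must be closed at the network layer or the header is again untrustworthy.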
Potential Impact
The primary impact of this vulnerability is the potential compromise of user credentials on calibre Content Servers exposed to the internet. By bypassing brute-force protections, attackers can perform unlimited password guessing or credential stuffing attacks, increasing the likelihood of unauthorized access. This can lead to unauthorized disclosure of e-book libraries, user privacy violations, and potential further exploitation if credentials are reused elsewhere. Although the vulnerability does not directly affect system integrity or availability, successful unauthorized access could enable attackers to manipulate or delete content. Organizations relying on calibre servers for remote e-book access are at risk, especially if they use weak or reused passwords. The medium CVSS score (5.3) reflects the moderate confidentiality impact and ease of exploitation without authentication or user interaction. The lack of known exploits in the wild suggests limited active exploitation but does not diminish the risk for exposed servers.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade all calibre Content Server instances to version 9.4.0 or later, where the issue is fixed. Until upgrading is possible, administrators should restrict access to the Content Server with network-level controls such as IP allow-listing, VPN access, or firewall rules so that only trusted users can reach it. Additionally, configuring reverse proxies or load balancers to overwrite or sanitize the X-Forwarded-For header before forwarding requests can help prevent header spoofing. Enforcing strong, unique passwords and enabling multi-factor authentication (if supported) will reduce the risk of successful brute-force attacks. Monitoring authentication logs for repeated failed attempts and implementing alerting can provide early detection of attack attempts. Finally, disabling or limiting the Content Server's internet exposure when it is not necessary reduces the attack surface.
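As an added example of the log monitoring recommended above (not calibre's code, and not calibre's real log format), the detector below runs over a constructed access log and raises two kinds of alert keyed on the TCP peer rather than on the forwarded header: a burst of failed logins within a time window, and a single peer whose failed logins carry many different X-Forwarded-For values, which is the header churn a defender would expect to see when someone probes this class of weakness. The line format, field names and thresholds are assumptions chosen for the example.

```python
"""Failed-login burst and X-Forwarded-For churn detection over sample log lines.

Added example (not calibre's code). The log format below is constructed for
illustration; adapt LINE_RE to whatever your proxy or server actually writes.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample log: timestamp, TCP peer, the raw X-Forwarded-For value the
# peer sent ("-" when absent), request line and HTTP status.
SAMPLE_LOG = """\
2026-02-27T19:56:01Z peer=203.0.113.9 xff="198.51.100.1" POST /login 401
2026-02-27T19:56:02Z peer=203.0.113.9 xff="198.51.100.2" POST /login 401
2026-02-27T19:56:03Z peer=203.0.113.9 xff="198.51.100.3" POST /login 401
2026-02-27T19:56:04Z peer=203.0.113.9 xff="198.51.100.4" POST /login 401
2026-02-27T19:56:05Z peer=203.0.113.9 xff="198.51.100.5" POST /login 401
2026-02-27T19:56:30Z peer=192.0.2.50 xff="-" POST /login 401
2026-02-27T19:56:45Z peer=192.0.2.50 xff="-" POST /login 200
2026-02-27T20:10:00Z peer=192.0.2.77 xff="-" GET /mobile 200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) peer=(?P<peer>\S+) xff="(?P<xff>[^"]*)" '
    r'(?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$'
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict; None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["status"] = int(ev["status"])
    return ev


def detect(log_text: str, window_s: int = 60, fail_limit: int = 5,
           churn_limit: int = 3) -> List[Tuple[str, str, int]]:
    """Return (alert_kind, peer, count) tuples, at most one per kind and peer.

    'burst'     : >= fail_limit failed logins from one peer inside window_s.
    'xff-churn' : >= churn_limit distinct X-Forwarded-For values on failed
                  logins from one peer (header is varying, peer is not).
    """
    recent = defaultdict(deque)   # peer -> timestamps of recent failures
    xff_seen = defaultdict(set)   # peer -> distinct XFF values on failures
    alerts: List[Tuple[str, str, int]] = []
    fired = set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev or ev["path"] != "/login" or ev["status"] != 401:
            continue
        peer = ev["peer"]
        q = recent[peer]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures older than the window
        xff_seen[peer].add(ev["xff"])
        if len(q) >= fail_limit and ("burst", peer) not in fired:
            fired.add(("burst", peer))
            alerts.append(("burst", peer, len(q)))
        if len(xff_seen[peer]) >= churn_limit and ("xff-churn", peer) not in fired:
            fired.add(("xff-churn", peer))
            alerts.append(("xff-churn", peer, len(xff_seen[peer])))
    return alerts


if __name__ == "__main__":
    for kind, peer, count in detect(SAMPLE_LOG):
        print(f"ALERT {kind}: peer={peer} count={count}")
```

Keying both rules on the TCP peer is deliberate: it is the one identity the client cannot rewrite, whereas alerting on the forwarded address would inherit exactly the weakness the advisory describes. Where the server sits behind a trusted proxy, the proxy's own log of its peers is the right place to run this.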
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, India, Brazil, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-24T02:32:39.799Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a1f6db32ffcdb8a26bc2e5
Added to database: 2/27/2026, 7:56:11 PM
Last enriched: 3/6/2026, 9:41:59 PM
Last updated: 4/14/2026, 12:04:11 AM
Views: 110