Lucene search
K

9 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5636 Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg

Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2026/06/23 12:0 a.m.16 views

VulnCheck KEV: CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6.1AI score0.0295EPSS
In wildExploits2References12
NVD
NVD
added 2026/05/14 4:16 p.m.32 views

CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS0.0295EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:11 p.m.7 views

CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6AI score0.0295EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/05/14 3:11 p.m.22 views

CVE-2026-42589

Gotenberg CVE-2026-42589: The issue is an unauthenticated remote code execution in Gotenberg

9.8CVSS6AI score0.0295EPSS
In wildExploits2References1Affected Software1
NVD
NVD
added 2026/05/06 9:16 p.m.8 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS0.00611EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/06 8:46 p.m.13 views

CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS6AI score0.00611EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:46 p.m.6 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS6AI score0.00611EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/06 8:46 p.m.40 views

CVE-2026-40281

Gotenberg 8.x (

10CVSS6AI score0.00611EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder