CVE-2026-42594

Gotenberg CVE-2026-42594 describes an unauthenticated denial of service caused by reuse of echo.Context in the webhook async flow. Prior to 8.32.0, a goroutine holds a reference to the request context after ErrAsyncProcess, and Echo recycles the context to a pool. If a concurrent request reuses t...

Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine

Summary The webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent request claims the recycled context, c.Reset clears the store. If the...

GHSA-R33J-C622-R6QP Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine

Summary The webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent request claims the recycled context, c.Reset clears the store. If the...

PT-2026-38385

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description A flaw in the webhook middleware allows an anonymous caller to crash the process. The middleware spawns a goroutine that retains a reference to the echo.Context after the synchronous handler retur...