GHSA-VP73-VJW8-8F32 Gotenberg has a Race Condition via Multipart `downloadFrom` Handling

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the metadata process. An attacker can rename, move, or create links to files within the container by submitting specially crafted metadata values that bypass the intended blocklist. This may also...

PT-2026-37106

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...

Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection

Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...

PT-2026-37098

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.29.1 through 8.30.x Description An unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations. This is achieved by supplying a craft...

PT-2026-37104

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.30.1 and earlier Description Gotenberg is an API-based document conversion tool. The default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression...

Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature

Summary Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely. Details Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns...

EUVD-2020-5703

Malware in sbrugna...

EUVD-2020-5704

Malware in sbrugna...

EUVD-2020-6318

Malware in sbrugna...

CVE-2020-13449

A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files...

Server-Side Request Forgery (SSRF)

github.com/gotenberg/gotenberg/v8 is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to improper handling of requests made to the /convert/html endpoint, allowing attackers to exploit local file inclusion by referencing localhost files such as...

Gotenberg File Overwrite Vulnerability

Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. A file overwrite vulnerability exists in Gotenberg 6.2.1 and earlier versions. The vulnerability stems from insecure permissions in tini. An attacker can exploit the vulnerability to overwrite...

Thecodingmachine Gotenberg 安全漏洞

Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. A file overwrite vulnerability exists in Gotenberg 6.2.1 and earlier versions. The vulnerability stems from insecure permissions in tini. An attacker can exploit the vulnerability to overwrite...

Thecodingmachine Gotenberg 路径遍历漏洞

Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. A directory traversal vulnerability exists in Gotenberg 6.2.1 and earlier versions of the Markdown engine. An attacker can exploit this vulnerability to read any container file...