Lucene search
K

15 matches found

CVE
CVE
added 2021/02/26 5:20 p.m.37 views

CVE-2021-23345

CVE-2021-23345 affects the Go package github.com/thecodingmachine/gotenberg (and related Chromium module) with a Server-Side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute references an internal file (e.g., ). Connected sources confirm this SSRF behavior and provide ...

5.3CVSS5.3AI score0.01053EPSS
Web
CVE
CVE
added 2026/05/06 8:46 p.m.34 views

CVE-2026-40281

Gotenberg 8.x (

10CVSS6AI score0.00611EPSS
CVE
CVE
added 2026/05/14 3:36 p.m.33 views

CVE-2026-42590

Gotenberg contains a vulnerability (CVE-2026-42590) where ExifTool group-prefix syntax can bypass the dangerous-tag blocklist in metadata handling, allowing arbitrary file rename, move, hardlinks, and symlinks on the server. The issue exists prior to version 8.30.0; the safeKeyPattern and prefix ...

8.2CVSS5.9AI score0.0029EPSS
CVE
CVE
added 2026/05/14 3:32 p.m.24 views

CVE-2026-42594

Gotenberg CVE-2026-42594 describes an unauthenticated denial of service caused by reuse of echo.Context in the webhook async flow. Prior to 8.32.0, a goroutine holds a reference to the request context after ErrAsyncProcess, and Echo recycles the context to a pool. If a concurrent request reuses t...

7.5CVSS5.8AI score0.00348EPSS
CVE
CVE
added 2026/03/30 8:14 p.m.23 views

CVE-2026-27018

CVE-2026-27018 affects Gotenberg and is a case-insensitive URL-scheme bypass of the prior fix for CVE-2024-21527. The root cause is a case-sensitive deny-list regex in Chromium URL handling, allowing mixed-case or uppercase schemes to bypass the deny-list. The issue has been patched in Gotenberg ...

8.8CVSS5.7AI score0.00538EPSS
CVE
CVE
added 2026/05/14 3:11 p.m.22 views

CVE-2026-42589

Gotenberg exposes an unauthenticated RCE via the /forms/pdfengines/metadata/write endpoint. The root cause is that JSON metadata keys are passed to ExifTool without validation; a newline in a key allows injection of ExifTool flags (e.g., -if), enabling arbitrary code execution as the Gotenberg pr...

9.8CVSS6AI score0.0295EPSS
In wildWeb
CVE
CVE
added 2026/05/14 3:31 p.m.22 views

CVE-2026-42593

CVE-2026-42593 affects Gotenberg: multiple routes (merge, split, LibreOffice convert, chromium convert variants) improperly accept stampSource=pdf/stampExpression and watermarkSource=pdf/watermarkExpression from anonymous callers. If stampExpression or watermarkExpression points to a file path th...

5.3CVSS5.8AI score0.00311EPSS
Web
CVE
CVE
added 2026/05/14 3:19 p.m.22 views

CVE-2026-42596

CVE-2026-42596 describes an unauthenticated SSRF vulnerability in Gotenberg’s default deny-list filtering for the downloadFrom and webhook features. The issue arises because the deny-lists are regex-based and case-sensitive, allowing attacker-controlled URLs (e.g., IPv4-mapped IPv6 loopback forms...

9.4CVSS5.8AI score0.00352EPSS
CVE
CVE
added 2026/05/14 3:20 p.m.20 views

CVE-2026-42591

CVE-2026-42591 (Gotenberg) affects the LibreOffice conversion endpoint in Gotenberg up to version 8.32.0. Uploaded documents are passed directly to LibreOffice for conversion without content inspection, enabling SSRF because LibreOffice can fetch embedded external URLs on its own, bypassing the G...

8.2CVSS5.8AI score0.00245EPSS
Web
CVE
CVE
added 2026/04/07 2:24 p.m.19 views

CVE-2026-35458

Gotenberg CVE-2026-35458 affects the Chromium module of Gotenberg (forms/chromium/screenshot/url) where user-supplied scope patterns are compiled with dlclark/regexp2 without a timeout, enabling ReDoS/backtracking that can hang workers and impact availability. Affected code paths and versions are...

9.8CVSS5.9AI score0.00497EPSS
CVE
CVE
added 2026/05/05 7:52 p.m.19 views

CVE-2026-40280

Gotenberg vulnerability (CVE-2026-40280) enables SSRF through a case-insensitive URL scheme bypass in the webhook and api-download-from deny-lists. In versions

7.8CVSS5.7AI score0.00463EPSS
CVE
CVE
added 2026/05/14 3:18 p.m.19 views

CVE-2026-40893

CVE-2026-40893 (Gotenberg/ExifTool blocklist bypass) Prior to 8.31.0, Gotenberg’s metadata processing only blocked the bare tag name (FileName), allowing group-prefixed tags like System:FileName to bypass the blocklist, enabling remote attackers to rename, move, or alter file permissions within t...

8.2CVSS6AI score0.00347EPSS
CVE
CVE
added 2026/05/14 3:30 p.m.17 views

CVE-2026-42592

Gotenberg (v7/v8) contains a DNS rebinding/SSRF issue in the FilterOutboundURL flow. Before 8.32.0, FilterOutboundURL resolves hostnames, filters IPs against a private-address deny-list, but discards the resolved addresses. Chromium then performs its own DNS resolution when navigating to the URL,...

5.3CVSS5.8AI score0.00186EPSS
CVE
CVE
added 2026/05/14 3:34 p.m.16 views

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

5.9CVSS5.8AI score0.00251EPSS
Web
CVE
CVE
added 2026/05/14 3:33 p.m.12 views

CVE-2026-42595

CVE-2026-42595 describes an SSRF flaw in Gotenberg’s Chromium URL endpoint (/forms/chromium/convert/url) prior to version 8.32.0. The default deny-list blocks only file:// URIs, leaving HTTP/HTTPS targets—including internal IPs and cloud metadata endpoints—unrestricted. An unauthenticated attacke...

8.6CVSS5.8AI score0.00313EPSS
Web