Lucene search
+L
ThecodingmachineGotenberg

5 matches found

CVE
CVE
added 2026/05/14 3:36 p.m.39 views

CVE-2026-42590

Gotenberg contains a vulnerability (CVE-2026-42590) where ExifTool group-prefix syntax can bypass the dangerous-tag blocklist in metadata handling, allowing arbitrary file rename, move, hardlinks, and symlinks on the server. The issue exists prior to version 8.30.0; the safeKeyPattern and prefix ...

8.2CVSS5.9AI score0.0029EPSS
CVE
CVE
added 2026/03/30 8:14 p.m.33 views

CVE-2026-27018

CVE-2026-27018 affects Gotenberg and is a case-insensitive URL-scheme bypass of the prior fix for CVE-2024-21527. The root cause is a case-sensitive deny-list regex in Chromium URL handling, allowing mixed-case or uppercase schemes to bypass the deny-list. The issue has been patched in Gotenberg ...

8.8CVSS5.7AI score0.00538EPSS
CVE
CVE
added 2026/05/14 3:18 p.m.28 views

CVE-2026-40893

CVE-2026-40893 (Gotenberg/ExifTool blocklist bypass) Prior to 8.31.0, Gotenberg’s metadata processing only blocked the bare tag name (FileName), allowing group-prefixed tags like System:FileName to bypass the blocklist, enabling remote attackers to rename, move, or alter file permissions within t...

8.2CVSS6AI score0.00347EPSS
CVE
CVE
added 2026/05/14 3:20 p.m.21 views

CVE-2026-42591

CVE-2026-42591 (Gotenberg) affects the LibreOffice conversion endpoint in Gotenberg up to version 8.32.0. Uploaded documents are passed directly to LibreOffice for conversion without content inspection, enabling SSRF because LibreOffice can fetch embedded external URLs on its own, bypassing the G...

8.2CVSS5.8AI score0.00245EPSS
Web
CVE
CVE
added 2026/05/14 3:33 p.m.14 views

CVE-2026-42595

CVE-2026-42595 describes an SSRF flaw in Gotenberg’s Chromium URL endpoint (/forms/chromium/convert/url) prior to version 8.32.0. The default deny-list blocks only file:// URIs, leaving HTTP/HTTPS targets—including internal IPs and cloud metadata endpoints—unrestricted. An unauthenticated attacke...

8.6CVSS5.8AI score0.00313EPSS
Web