Package impact
GO / github.com/gotenberg/gotenberg/v8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42589 | critical | 9.8 | 9.8 | 21d ago | Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection | |||
| CVE-2026-42596 | critical | 9.4 | 9.4 | 21d ago | Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook | |||
| CVE-2026-40281 | critical | 9.1 | 9.1 | 29d ago | Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix) |