| CVE-2026-42589 | critical | 9.8 | 9.8 | 21d ago | Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection |
| CVE-2026-42596 | critical | 9.4 | 9.4 | 21d ago | Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook |
| CVE-2026-40281 | critical | 9.1 | 9.1 | 29d ago | Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix) |
| CVE-2026-42597 | medium | 5.9 | 5.9 | 21d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme |
| CVE-2026-42593 | medium | 5.3 | 5.3 | 21d ago | Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes |
| CVE-2026-42592 | medium | 5.3 | 5.3 | 21d ago | Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes |
| CVE-2026-45742 | unknown | — | — | 6d ago | Gotenberg has a Race Condition via Multipart `downloadFrom` Handling |
| CVE-2026-45741 | unknown | — | — | 6d ago | Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes |
| CVE-2026-44829 | unknown | — | — | 6d ago | Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename |